Abstract. The main result of this paper is a new version of Newton-Hensel lifting that relates
to interpolation questions. It allows one to lift polynomials in $\mathbb{Z}[x]$ from information modulo a
prime number $p \neq 2$ to a power $p^k$ for any $k$, and its originality is that it is a mixed version
that not only lifts the coefficients of the polynomial but also its exponents. We show that this
result corresponds exactly to a Newton-Hensel lifting of a system of $2t$ generalized equations in
$2t$ unknowns in the ring of $p$-adic integers $\mathbb{Z}_p$. Finally we apply our results to sparse polynomial
interpolation in $\mathbb{Z}[x]$.



Introduction 

Quoting [BCSS98, p. 10], Newton's method has been considered "the search algorithm" sine qua non
of numerical analysis and scientific computation. Since its origins probably by Viète around 1580,
its description by Newton in 1669, simplification by Raphson in 1690 and actual formulation by
Simpson in 1740, Newton's method has been widely studied, applied and generalized. For instance
we mention here the crucial development by S. Smale of the alpha theory, emphasizing conditions
on the input approximate zero (i.e., where we can start Newton's method) instead of hypotheses
with regard to estimates on the unknown zero, and of the gamma theory that estimates the size of a
ball of approximate zeros around the zero [Sma86] and [BCSS98, Ch. 8 and 14]. Another important
issue is the search for algorithms for finding approximate zeros in [ShSm94, CuSm99] (the search
for a polynomial time uniform algorithm for such an approximate zero is one of the mathematical
problems for next century proposed in [Sma98]), and the generalizations of Newton's method for
over-determined systems, for instance in [DeSh00], and recently for systems with multiplicities in
[Lec02].

The non-archimedean counterpart of Newton's method, introduced by Hensel around 1900, is
the basis of the construction of the $p$-adic numbers and their applications as in the local-global
Hasse-Minkowski principle for quadratic forms. Since then, "Newton-Hensel lifting" in its
non-archimedean versions is primordially present in exact symbolic computation: for example in
univariate rational polynomial factorization in [Zas69] and the breakthrough LLL polynomial time
factorization algorithm [LLL82], in multivariate polynomial factorization [ChGr82, Chi84, Gri84, Kal85],
and also in multivariate polynomial system solving in the Gröbner basis setting in [Tri85, Win88]
and in the primitive element setting in [ChGr83, Chi84, Gri84] and in [GHMMP98, GHHMMP97,
HKPSW00, JKSS04].

The main result of this paper is a new version of Newton-Hensel lifting that relates to interpolation
questions. It allows one to lift polynomials in $\mathbb{Z}[x]$ from information modulo a prime number $p \neq 2$
to a power $p^k$ for any $k$, and its originality is that it is a mixed version that not only lifts the
coefficients of the polynomial but also its exponents.
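
Theorem 1. Let $p$ be an odd prime number, and $t \in \mathbb{N}$, $1 \le t \le p-1$.
Set $y_1, \dots, y_{2t} \in \mathbb{Z}$. Let $f := \sum_{j=1}^{t} a_j x^{\alpha_j} \in \mathbb{Z}[x]$ and $x_1, \dots, x_{2t} \in \mathbb{Z}$ satisfy that

• $f(x_i) \equiv y_i \pmod p$, $1 \le i \le 2t$,

• $\det\begin{pmatrix}
x_1^{\alpha_1} & \cdots & x_1^{\alpha_t} & a_1 e_p(x_1) x_1^{\alpha_1} & \cdots & a_t e_p(x_1) x_1^{\alpha_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
x_{2t}^{\alpha_1} & \cdots & x_{2t}^{\alpha_t} & a_1 e_p(x_{2t}) x_{2t}^{\alpha_1} & \cdots & a_t e_p(x_{2t}) x_{2t}^{\alpha_t}
\end{pmatrix} \not\equiv 0 \pmod p$,

where $e_p : \mathbb{Z} \to \mathbb{Z}/p\mathbb{Z}$ is the map defined by $x^{p-1} \equiv 1 + p\,e_p(x) \pmod{p^2}$ for $p \nmid x$ and
$e_p(x) = 0$ for $p \mid x$ (see Definition 1.1 and Notation 1.4).

Then for every $k \in \mathbb{N}_0$ there exists $f_k := \sum_{j=1}^{t} a_{k,j} x^{\alpha_{k,j}} \in \mathbb{Z}[x]$ that satisfies simultaneously:

• $f_k(x_i) \equiv y_i \pmod{p^{2^k}}$ for $1 \le i \le 2t$,

• $a_{k,j} \equiv a_j \pmod p$ and $\alpha_{k,j} \equiv \alpha_j \pmod{(p-1)}$, $1 \le j \le t$.

Furthermore, if $f_k := \sum_{j=1}^{t} a_{k,j} x^{\alpha_{k,j}}$, $g_k := \sum_{j=1}^{t} b_{k,j} x^{\beta_{k,j}} \in \mathbb{Z}[x]$ are two such polynomials, then

$$a_{k,j} \equiv b_{k,j} \pmod{p^{2^k}} \quad\text{and}\quad \alpha_{k,j} \equiv \beta_{k,j} \pmod{\varphi(p^{2^k})}, \quad 1 \le j \le t,$$

where $\varphi$ denotes the Euler map.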

In fact we show in this paper that this result corresponds exactly to a Newton-Hensel lifting of
a system of $2t$ generalized equations in $2t$ unknowns, where the unknowns are the $t$ coefficients
of $f$ in the $p$-adic integers $\mathbb{Z}_p$ and the $t$ exponents of $f$ in some suitable set $\mathcal{E}_p$ (see Definition
2.1), and where the condition that the defined determinant does not vanish modulo $p$ is the
corresponding classical condition on the Jacobian determinant of the system: the map $e_p$ plays
the role of a logarithmic function that enables us to lower the exponents to the floor level.

For this purpose we introduce the ring $\mathcal{E}_p$ of "allowed exponents" (whose additive group is
isomorphic to the $p$-adic unit group $\mathbb{Z}_p^\times$), where "allowed" means that for $x \in \mathbb{Z}_p^\times$ and $\alpha \in \mathcal{E}_p$,
$x^\alpha \in \mathbb{Z}_p^\times$, and we study systems of generalized polynomial expressions in $\mathbb{Z}_p$, where the variables
belong to $\mathbb{Z}_p^\times$ and the exponents belong to $\mathcal{E}_p$.

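Here, among all the equivalent descriptions of $\mathbb{Z}_p$ we adopt the following one that we consider
more suitable for our formulations:

$$\mathbb{Z}_p = \{ (a_k)_{k\in\mathbb{N}} \in \mathbb{Z}^{\mathbb{N}} : a_{k+1} \equiv a_k \pmod{p^k} \ \ \forall k \in \mathbb{N} \} / \sim,$$

where $(a_k)_{k\in\mathbb{N}} \sim (b_k)_{k\in\mathbb{N}} \iff a_k \equiv b_k \pmod{p^k}$, $\forall k \in \mathbb{N}$. Similarly, we have

$$\mathcal{E}_p = \{ (\alpha_k)_{k\in\mathbb{N}} \in \mathbb{Z}^{\mathbb{N}} : \alpha_{k+1} \equiv \alpha_k \pmod{\varphi(p^k)} \ \ \forall k \in \mathbb{N} \} / \approx,$$

where $(\alpha_k)_{k\in\mathbb{N}} \approx (\beta_k)_{k\in\mathbb{N}} \iff \alpha_k \equiv \beta_k \pmod{\varphi(p^k)}$, $\forall k \in \mathbb{N}$. (In the sequel $(a_k)_k$ or $(\alpha_k)_k$
denote the class in the corresponding ring.)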

We consider systems of equations where the unknowns are the variables in $\mathbb{Z}_p$ or the exponents
in $\mathcal{E}_p$, switching from one formulation to the other by a logarithmic argument, and obtain in
Propositions 2.11 and 2.12 below the generalizations of the following Newton-Hensel univariate
lifting statements:



Proposition 2. Set $t \in \mathbb{N}$, $y, a_j \in \mathbb{Z}_p$ and $\alpha_j := (\alpha_{jk})_k \in \mathcal{E}_p$, $1 \le j \le t$. Let $x_1 \in \mathbb{Z}$, $p \nmid x_1$, be
such that

• $f(x_1) := \sum_{j=1}^{t} a_j x_1^{\alpha_{j1}} \equiv y \pmod p$,

• $\sum_{j=1}^{t} a_j \alpha_{j2}\, x_1^{\alpha_{j2}-1} \not\equiv 0 \pmod p$,

then there exists a unique $x = (x_1, x_2, \dots) \in \mathbb{Z}_p^\times$ such that $f(x) = y$ in $\mathbb{Z}_p$.



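Proposition 3. Set $t \in \mathbb{N}$, $y, a_j \in \mathbb{Z}_p$ and $x_j := (x_{jk})_k \in \mathbb{Z}_p^\times$, $1 \le j \le t$. Let $\alpha_1 \in \mathbb{Z}$ be such that

• $g(\alpha_1) := \sum_{j=1}^{t} a_j x_{j1}^{\alpha_1} \equiv y \pmod p$,

• $\sum_{j=1}^{t} a_j\, e_p(x_{j2})\, x_{j1}^{\alpha_1} \not\equiv 0 \pmod p$,

where $e_p : \mathbb{Z} \to \mathbb{Z}/p\mathbb{Z}$ is the map defined by $x^{p-1} \equiv 1 + p\,e_p(x) \pmod{p^2}$ for $p \nmid x$ and
$e_p(x) = 0$ for $p \mid x$,

then there exists a unique $\alpha = (\alpha_1, \alpha_2, \dots) \in \mathcal{E}_p$ such that $g(\alpha) = y$ in $\mathbb{Z}_p$.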

We observe that the map $e_p$ used in the hypotheses of Theorem 1 and Proposition 3 is a group
homomorphism $(\mathbb{Z}/p^2\mathbb{Z})^\times \to \mathbb{Z}/p\mathbb{Z}$ that appears widely in the literature, even if not explicitly
stated in the way we do in Proposition 1.2 below. It arises naturally when looking for generators of
the cyclic multiplicative group $(\mathbb{Z}/p^k\mathbb{Z})^\times$ for $p$ an odd prime number [Apo76, Th.10.6] or considering
the filtration of the group of $p$-adic units $\mathbb{Z}_p^\times$ [Ser70, Ch.II §3.1]. As explained in [Car14, p. 101]
the properties $e(2) = 0$ and $e(3) = 0$ are also intimately related to special cases of Fermat's last
theorem. It seems that at least until 1999, it was still unknown if there were infinitely many prime
numbers $p$ such that $e_p(2) \neq 0$ without assuming the ABC conjecture [EsMu99, p. 8]. Finally, let
us mention that numerical experiments we made suggest that the behavior of the map $e_p(x)/(p-1)$
for a fixed integer $x$ and a variable prime number $p$ seems to follow a uniform distribution in the
$[0, 1]$ interval.

Our initial motivation and a possible useful application for the Newton-Hensel lifting result
presented in Theorem 1 above was the search for an efficient interpolation algorithm for integer
univariate polynomials, where the number of interpolation points depends on the number of non-zero
terms and not on the degree. A polynomial is called $t$-sparse if it has at most $t$ non-zero terms.
The problem of interpolating a $t$-sparse polynomial from its values in a list of specific
interpolation points where the number of these points does not depend on the degree but on $t$ is
called "sparse interpolation". It received a lot of attention around 1990 and again recently, for
instance in [BeTi88, Zip90, KaLa88, KLW90, KLL00, Lee01, KaLe03], [BoTi91], [DrGr91, GKS91],
[GKS90, CDGK91] and [GKS94].

It is a well-known fact that, as a consequence of Descartes' rule of signs, a $t$-sparse polynomial
$f \in \mathbb{R}[x]$ (one variable) has at most $t-1$ distinct real positive roots. Therefore, any univariate
$t$-sparse polynomial in $\mathbb{C}[x]$ is uniquely determined by its value in $2t$ different positive values in $\mathbb{R}$
(since for two such polynomials, the difference $f - g$ of their real parts (or their imaginary parts)
is a $2t$-sparse polynomial which has at most $2t-1$ different real positive roots). In [BeTi88], M.
Ben-Or and P. Tiwari produced a beautiful deterministic algorithm that recovers such a $t$-sparse
polynomial $f \in \mathbb{C}[x]$ from its value in the $2t$ interpolation points

$$x_1 := 1,\ x_2 := a,\ x_3 := a^2,\ \dots,\ x_{2t} := a^{2t-1},$$

where $a$ is not a root of unity of small order. They also raised the problem of producing an
algorithm that interpolates a $t$-sparse polynomial in $\mathbb{C}[x]$ from $2t$ arbitrary different real positive
values, to emulate in some sense Lagrange or Newton interpolation algorithms that do not require
specific interpolation input values, instead of imposing the starting points as they do.

Although we are not able to answer this question in generality, we produce in Proposition 1.14
families $\{x_1, \dots, x_{2t}\}$ of starting points where the non-vanishing determinant hypothesis holds
under a good reduction property of the input $t$-sparse polynomial modulo the prime number $p$
(Proposition 1.10). Therefore, applying Theorem 1 we obtain a very fast algorithm for sparse
interpolation of $t$-sparse polynomials in $\mathbb{Z}[x]$ that reduce well modulo $p$ (Algorithm 3.16). The
algorithm does not require knowing in advance the degree of the polynomial although it needs
to know its exact number $t$ of non-zero terms. In order to make this algorithm work for any
polynomial $f \in \mathbb{Z}[x]$, we still idealistically need a criterion to choose, in terms of the evaluation
values $y_i = f(x_i)$, a (small) prime number $p$ such that $f$ reduces well modulo $p$. This would be
the analog of the choice of the prime in the univariate rational polynomial factorization algorithms
(the condition in this case is given by the non-vanishing of a discriminant modulo $p$), and in
the archimedean setting, a (still unknown) criterion for the choice of an approximate zero. More
realistically, we would at least need a satisfactory probabilistic argument for the choice of such a
prime in a given range (that we are still unable to produce).

The paper is organized as follows. 

Section 1 is mainly devoted to the proof of Theorem 1. For this purpose we introduce a
generalization of the $e_p$ group homomorphism mentioned above (Definition 1.2). Then we prove the theorem
(Theorem 1.6) and present an equivalence of the uniqueness condition (Proposition 1.10). Finally
we analyze the existence of good starting sets $\{x_1, \dots, x_{2t}\}$ as inputs of Theorem 1 (Definition
1.12 and Proposition 1.14).

In Section 2, we focus on the Hensel lemma character of our Theorem 1 in the ring of $p$-adic
integers $\mathbb{Z}_p$. We introduce the set $\mathcal{E}_p$ of allowed exponents (Definition 2.1), the generalized
polynomial equations and their dual exponential equations (Observation 2.7) and we present the
proofs of Propositions 1 and 2 above (Propositions 2.8 and 2.9) and their generalizations to systems
of generalized polynomial and exponential equations (Propositions 2.11 and 2.12).

Finally Section 3 deals with the sparse interpolation problem mentioned above, first focusing on
univariate $t$-sparse polynomials with coefficients in finite rings and then on univariate integer
$t$-sparse polynomials.

Acknowledgments. Teresa Krick thanks Wen-shin Lee for bringing her into the sparse
interpolation subject and Michael Singer for wonderful discussions. We are also grateful to Felipe Cucker,
Arieh Iserles, Erich Kaltofen and Mike Shub for their advice, and to the referees for their careful 
reading and clarifying comments. 

1. NEWTON-HENSEL LIFTING 

This section is mainly devoted to the proof of Theorem 1, the Newton-Hensel interpolation lifting
theorem stated in the introduction.

Throughout the paper $p$ denotes an odd prime number. Given an integer $\rho$ prime to $p$, we denote
by $o_{p^k}(\rho)$ the order of $\rho$ in the multiplicative cyclic group $(\mathbb{Z}/p^k\mathbb{Z})^\times$. We recall that $\rho \in \mathbb{Z}$ is
a primitive root modulo $p^k$ if its class in $\mathbb{Z}/p^k\mathbb{Z}$ generates this cyclic group, that is if $o_{p^k}(\rho) =
\varphi(p^k) = (p-1)p^{k-1}$.

The crucial tool in this paper is a family of group homomorphisms that relates the multiplicative
group $(\mathbb{Z}/p^k\mathbb{Z})^\times$ with the additive group $\mathbb{Z}/p^{k-\ell}\mathbb{Z}$ for $\ell < k \le 2\ell$. This morphism enables us to
linearize polynomial expressions.

Definition 1.1. Let $p$ be an odd prime number, $k, \ell$ positive integers with $\ell < k \le 2\ell$. Define
the morphism $e_{p,k,\ell} : (\mathbb{Z}/p^k\mathbb{Z})^\times \to \mathbb{Z}/p^{k-\ell}\mathbb{Z}$ by

$$e_{p,k,\ell}(x) := \frac{x^{\varphi(p^\ell)} - 1}{p^\ell} \pmod{p^{k-\ell}}.$$

Proposition 1.2. The map $e_{p,k,\ell}$ defined above is a group epimorphism.

Proof. The map is clearly well-defined since $x^{\varphi(p^\ell)} \equiv 1 + p^\ell e_{p,k,\ell}(x) \pmod{p^k}$. Hence we must
prove it is a group homomorphism. It is enough to prove:

• $e_{p,k,\ell}(1) = 0$ (clear from the definition).

• $e_{p,k,\ell}(xy) = e_{p,k,\ell}(x) + e_{p,k,\ell}(y)$. Since $x^{\varphi(p^\ell)} \equiv 1 + p^\ell e_{p,k,\ell}(x) \pmod{p^k}$ and
$y^{\varphi(p^\ell)} \equiv 1 + p^\ell e_{p,k,\ell}(y) \pmod{p^k}$, it follows
$(xy)^{\varphi(p^\ell)} \equiv (1 + p^\ell e_{p,k,\ell}(x))(1 + p^\ell e_{p,k,\ell}(y)) \equiv 1 + p^\ell (e_{p,k,\ell}(x) + e_{p,k,\ell}(y)) \pmod{p^k}$
(here we use the condition $k \le 2\ell$).

To see it is surjective we compute the order of its kernel. $\mathrm{Ker}(e_{p,k,\ell}) = \{x \in (\mathbb{Z}/p^k\mathbb{Z})^\times : x^{\varphi(p^\ell)} \equiv 1
\pmod{p^k}\} = \{x \in (\mathbb{Z}/p^k\mathbb{Z})^\times : o_{p^k}(x) \mid \varphi(p^\ell) = (p-1)p^{\ell-1}\}$. Then $|\mathrm{Ker}(e_{p,k,\ell})| = (p-1)p^{\ell-1}$,
$|\mathrm{Im}(e_{p,k,\ell})| = p^{k-\ell}$ and $e_{p,k,\ell}$ is surjective. □

Remark 1.3. If $\rho$ is a primitive root modulo $p^k$ then $e_{p,k,\ell}(\rho) \neq 0$.

Notation 1.4. Abusing notation we will denote $e_{p,k,\ell}$ the map from $\mathbb{Z} \to \mathbb{Z}/p^k\mathbb{Z} \to \mathbb{Z}/p^{k-\ell}\mathbb{Z}$
defined as in Definition 1.1 on elements prime to $p$ and by zero on other elements. In the case
$k = 2$ we will denote $e_p(x) := e_{p,2,1}(x)$ (or just $e_2(x)$ if the prime is clear from the context).

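Definition 1.5. Let $p$ be an odd prime number, and $t \in \mathbb{N}$, $1 \le t \le p-1$. Let $f = \sum_{j=1}^{t} a_j x^{\alpha_j} \in
\mathbb{Z}[x]$. For $x_1, \dots, x_{2t} \in \mathbb{Z}$, we define:

$$\Delta_p f(x_1, \dots, x_{2t}) := \det\begin{pmatrix}
x_1^{\alpha_1} & \cdots & x_1^{\alpha_t} & a_1 e_2(x_1) x_1^{\alpha_1} & \cdots & a_t e_2(x_1) x_1^{\alpha_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
x_{2t}^{\alpha_1} & \cdots & x_{2t}^{\alpha_t} & a_1 e_2(x_{2t}) x_{2t}^{\alpha_1} & \cdots & a_t e_2(x_{2t}) x_{2t}^{\alpha_t}
\end{pmatrix} \pmod p \tag{1}$$

where $e_2 : \mathbb{Z} \to \mathbb{Z}/p^2\mathbb{Z} \to \mathbb{Z}/p\mathbb{Z}$ is the map of Notation 1.4.

Quantity (1) plays the role of the usual jacobian in our version of Newton-Hensel interpolation
lifting. In the next section, using the analysis in the $p$-adic context, the relation will become clear.
For that reason we refer to it as the interpolating pseudo-jacobian modulo $p$ of $f$ on $x_1, \dots, x_{2t}$.

Theorem 1.6. (Newton-Hensel interpolation lifting) Let $p$ be an odd prime number, and $t \in \mathbb{N}$,
$1 \le t \le p-1$. Set $y_1, \dots, y_{2t} \in \mathbb{Z}$. Let $f := \sum_{j=1}^{t} a_j x^{\alpha_j} \in \mathbb{Z}[x]$ and $x_1, \dots, x_{2t} \in \mathbb{Z}$ satisfy

• $f(x_i) \equiv y_i \pmod p$, $1 \le i \le 2t$,

• $\Delta_p f(x_1, \dots, x_{2t}) \not\equiv 0 \pmod p$, where $\Delta_p f$ is given by Formula (1).

Then for every $k \in \mathbb{N}_0$ there exists $f_k := \sum_{j=1}^{t} a_{k,j} x^{\alpha_{k,j}} \in \mathbb{Z}[x]$ that satisfies simultaneously:

• $f_k(x_i) \equiv y_i \pmod{p^{2^k}}$ for $1 \le i \le 2t$,

• $a_{k,j} \equiv a_j \pmod p$ and $\alpha_{k,j} \equiv \alpha_j \pmod{(p-1)}$, $1 \le j \le t$.

Furthermore, if $f_k := \sum_{j=1}^{t} a_{k,j} x^{\alpha_{k,j}}$, $g_k := \sum_{j=1}^{t} b_{k,j} x^{\beta_{k,j}} \in \mathbb{Z}[x]$ are two such polynomials, then

$$a_{k,j} \equiv b_{k,j} \pmod{p^{2^k}} \quad\text{and}\quad \alpha_{k,j} \equiv \beta_{k,j} \pmod{\varphi(p^{2^k})}, \quad 1 \le j \le t. \tag{2}$$

Proof. We define $f_0 := f$, which is clearly the only possible definition for $f_0$. Assume now
$f_k = \sum_{j=1}^{t} a_{k,j} x^{\alpha_{k,j}}$ is uniquely defined under Condition (2), with $f_k(x_i) \equiv y_i \pmod{p^{2^k}}$ for
$1 \le i \le 2t$, and $a_{k,j} \equiv a_j \pmod p$, $\alpha_{k,j} \equiv \alpha_j \pmod{(p-1)}$.

We look for $f_{k+1}$ such that $f_{k+1}(x_i) \equiv y_i \bmod p^{2^{k+1}}$ for $1 \le i \le 2t$. In particular $f_{k+1}(x_i) \equiv y_i
\pmod{p^{2^k}}$ for $1 \le i \le 2t$, and therefore $f_{k+1}$ is of the form

$$f_{k+1} = \sum_{j=1}^{t} (a_{k,j} + p^{2^k} d_j)\, x^{\alpha_{k,j} + \varphi(p^{2^k})\delta_j},$$

where $d_j$ and $\delta_j$ have to be determined such that $f_{k+1}(x_i) \equiv y_i \pmod{p^{2^{k+1}}}$ for $1 \le i \le 2t$.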
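
For notational simplicity, for the rest of the proof we set $b_j := a_{k,j}$ and $\beta_j := \alpha_{k,j}$.

Since $x_i \not\equiv 0 \pmod p$, $x_i^{\varphi(p^{2^k})} \equiv 1 \pmod{p^{2^k}}$. Let $e_{2^{k+1}}(x_i), \varepsilon_{2^{k+1}}(x_i) \in \{0, \dots, p^{2^k} - 1\}$ be such
that

$$x_i^{\varphi(p^{2^k})} \equiv 1 + p^{2^k} e_{2^{k+1}}(x_i) \pmod{p^{2^{k+1}}} \quad\text{and}\quad y_i \equiv f_k(x_i) + p^{2^k} \varepsilon_{2^{k+1}}(x_i) \pmod{p^{2^{k+1}}} \tag{3}$$

i.e. $e_{2^{k+1}}(x_i) = e_{p,2^{k+1},2^k}(x_i)$. Then

$$\begin{aligned}
y_i &\equiv f_{k+1}(x_i) \pmod{p^{2^{k+1}}}\\
&\equiv \sum_{j=1}^{t} (b_j + p^{2^k} d_j)\, x_i^{\beta_j + \varphi(p^{2^k})\delta_j} \pmod{p^{2^{k+1}}}\\
&\equiv \sum_{j=1}^{t} (b_j + p^{2^k} d_j)\, x_i^{\beta_j} \bigl(1 + p^{2^k} e_{2^{k+1}}(x_i)\bigr)^{\delta_j} \pmod{p^{2^{k+1}}}\\
&\equiv \sum_{j=1}^{t} (b_j + p^{2^k} d_j)\, x_i^{\beta_j} \bigl(1 + p^{2^k} e_{2^{k+1}}(x_i)\,\delta_j\bigr) \pmod{p^{2^{k+1}}}\\
&\equiv \sum_{j=1}^{t} \Bigl(b_j x_i^{\beta_j} + p^{2^k}\bigl(x_i^{\beta_j} d_j + b_j e_{2^{k+1}}(x_i) x_i^{\beta_j} \delta_j\bigr)\Bigr) \pmod{p^{2^{k+1}}}\\
&\equiv f_k(x_i) + p^{2^k} \sum_{j=1}^{t} \bigl(x_i^{\beta_j} d_j + b_j e_{2^{k+1}}(x_i) x_i^{\beta_j} \delta_j\bigr) \pmod{p^{2^{k+1}}}\\
&\equiv y_i - p^{2^k} \varepsilon_{2^{k+1}}(x_i) + p^{2^k} \sum_{j=1}^{t} \bigl(x_i^{\beta_j} d_j + b_j e_{2^{k+1}}(x_i) x_i^{\beta_j} \delta_j\bigr) \pmod{p^{2^{k+1}}}.
\end{aligned}$$

Then

$$-p^{2^k} \varepsilon_{2^{k+1}}(x_i) + p^{2^k} \sum_{j=1}^{t} \bigl(x_i^{\beta_j} d_j + b_j e_{2^{k+1}}(x_i) x_i^{\beta_j} \delta_j\bigr) \equiv 0 \pmod{p^{2^{k+1}}}.$$

Dividing by $p^{2^k}$ we get

$$-\varepsilon_{2^{k+1}}(x_i) + \sum_{j=1}^{t} \bigl(x_i^{\beta_j} d_j + b_j e_{2^{k+1}}(x_i) x_i^{\beta_j} \delta_j\bigr) \equiv 0 \pmod{p^{2^k}} \quad\text{for } 1 \le i \le 2t.$$

Thus, one has to solve modulo $p^{2^k}$ the linear system of equations

$$\begin{pmatrix}
x_1^{\beta_1} & \cdots & x_1^{\beta_t} & b_1 e_{2^{k+1}}(x_1) x_1^{\beta_1} & \cdots & b_t e_{2^{k+1}}(x_1) x_1^{\beta_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
x_{2t}^{\beta_1} & \cdots & x_{2t}^{\beta_t} & b_1 e_{2^{k+1}}(x_{2t}) x_{2t}^{\beta_1} & \cdots & b_t e_{2^{k+1}}(x_{2t}) x_{2t}^{\beta_t}
\end{pmatrix}
\begin{pmatrix} d_1\\ \vdots\\ d_t\\ \delta_1\\ \vdots\\ \delta_t \end{pmatrix}
=
\begin{pmatrix} \varepsilon_{2^{k+1}}(x_1)\\ \vdots\\ \varepsilon_{2^{k+1}}(x_{2t}) \end{pmatrix} \tag{4}$$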

Let $M_k$ denote the $2t$ square matrix on the left hand side of System (4), that is the matrix of
the $(k+1)$-iteration step of our construction. Our aim is to show that this matrix is invertible
modulo $p^{2^k}$, i.e. that $\det(M_k) \not\equiv 0 \pmod p$. As the next lemma shows all matrices reduce to $M_0$
modulo $p$, then we can restrict ourselves to study $\det(M_0)$.

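Lemma 1.7. With the same notation as above $M_k \equiv M_0 \pmod p$ term by term.

Proof. By construction it is clear that $b_j \equiv a_j \bmod p$ and $x_i^{\beta_j} \equiv x_i^{\alpha_j} \pmod p$.
Hence we are left to prove that for any $x \in \mathbb{Z}$ prime to $p$, $e_{p,2^{k+1},2^k}(x) \equiv e_{p,2^{k+2},2^{k+1}}(x)
\pmod{p^{2^k}}$. Let $e := e_{p,2^{k+1},2^k}(x)$ and $e' := e_{p,2^{k+2},2^{k+1}}(x)$. Then $x^{\varphi(p^{2^k})} \equiv 1 + p^{2^k} e \pmod{p^{2^{k+1}}}$
and $x^{\varphi(p^{2^{k+1}})} \equiv 1 + p^{2^{k+1}} e' \pmod{p^{2^{k+2}}}$. Since $\varphi(p^{2^{k+1}}) = \varphi(p^{2^k})\, p^{2^k}$, we have
(writing $x^{\varphi(p^{2^k})} = 1 + p^{2^k}(e + p^{2^k} r)$ for some integer $r$):

$$\begin{aligned}
x^{\varphi(p^{2^{k+1}})} &= \bigl(x^{\varphi(p^{2^k})}\bigr)^{p^{2^k}} = \bigl(1 + p^{2^k}(e + p^{2^k} r)\bigr)^{p^{2^k}}\\
&= 1 + p^{2^k} p^{2^k} (e + p^{2^k} r) + \binom{p^{2^k}}{2} (p^{2^k})^2 (e + p^{2^k} r)^2 + \binom{p^{2^k}}{3} (p^{2^k})^3 (e + p^{2^k} r)^3 + \cdots\\
&= 1 + p^{2^{k+1}} (e + p^{2^k} r) + p^{2^k + 2^{k+1}}\, \frac{p^{2^k} - 1}{2}\, (e + p^{2^k} r)^2 + p^{3 \cdot 2^k} \binom{p^{2^k}}{3} (e + p^{2^k} r)^3 + \cdots\\
&= 1 + p^{2^{k+1}} \Bigl(e + p^{2^k} \Bigl(r + \frac{p^{2^k} - 1}{2} (e + p^{2^k} r)^2 + \binom{p^{2^k}}{3} (e + p^{2^k} r)^3 + \cdots \Bigr)\Bigr).
\end{aligned}$$

Setting

$$r' := r + \frac{p^{2^k} - 1}{2} (e + p^{2^k} r)^2 + \binom{p^{2^k}}{3} (e + p^{2^k} r)^3 + \cdots \pmod{p^{2^k}},$$

then $e' = e + p^{2^k} r' \equiv e \bmod p^{2^k}$. □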



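We continue with the proof of the theorem. We can restrict to compute $\det(M_0)$. By definition,

$$M_0 = \begin{pmatrix}
x_1^{\alpha_1} & \cdots & x_1^{\alpha_t} & a_1 e_2(x_1) x_1^{\alpha_1} & \cdots & a_t e_2(x_1) x_1^{\alpha_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
x_{2t}^{\alpha_1} & \cdots & x_{2t}^{\alpha_t} & a_1 e_2(x_{2t}) x_{2t}^{\alpha_1} & \cdots & a_t e_2(x_{2t}) x_{2t}^{\alpha_t}
\end{pmatrix}$$

so that $\det(M_0) = \Delta_p f(x_1, \dots, x_{2t}) \not\equiv 0 \pmod p$ by the second hypothesis of the theorem.
Since $\det(M_k) \equiv \det(M_0) \not\equiv 0 \pmod p$, $M_k$ is invertible and System (4) has a unique solution
modulo $p^{2^k}$, namely:

$$\begin{pmatrix} d_1\\ \vdots\\ d_t\\ \delta_1\\ \vdots\\ \delta_t \end{pmatrix}
= M_k^{-1} \begin{pmatrix} \varepsilon_{2^{k+1}}(x_1)\\ \vdots\\ \varepsilon_{2^{k+1}}(x_{2t}) \end{pmatrix}.$$

This shows the existence of $f_{k+1}$ and its uniqueness property. □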



Observation 1.8. The statement of Theorem 1.6 also holds modulo $p^k$. We stated and proved it
modulo $p^{2^k}$ to get quadratic convergence as well as in the classic Newton-Hensel lifting.
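
The lifting step from the proof of Theorem 1.6, written out as an added Python example (it is not code from the paper). The function names, the prime $p = 7$, the points $1, 3, 9, 27$ and the hidden polynomial $5x^{100} + 3x^{17}$ are constructed for illustration; each step solves System (4) modulo $p^{2^k}$ and updates coefficients and exponents together.

```python
"""Newton-Hensel interpolation lifting: one quadratic step per call to lift_step."""


def phi(p, m):
    """Euler phi of p**m."""
    return (p - 1) * p ** (m - 1)


def e_map(x, p, m):
    """e_{p,2m,m}(x): x^phi(p^m) = 1 + p^m * e (mod p^(2m)), for p not dividing x."""
    q = p ** m
    return (pow(x, phi(p, m), q * q) - 1) // q


def solve_mod(rows, rhs, p, q):
    """Solve rows * z = rhs over Z/q (q a power of p) when det(rows) is a unit mod p."""
    n = len(rows)
    A = [[v % q for v in row] + [r % q] for row, r in zip(rows, rhs)]
    for c in range(n):
        # A pivot must be a unit, i.e. not divisible by p.
        piv = next((r for r in range(c, n) if A[r][c] % p), None)
        if piv is None:
            raise ValueError("pseudo-jacobian vanishes modulo p")
        A[c], A[piv] = A[piv], A[c]
        inv = pow(A[c][c], -1, q)
        A[c] = [v * inv % q for v in A[c]]
        for r in range(n):
            if r != c and A[r][c]:
                f = A[r][c]
                A[r] = [(a - f * b) % q for a, b in zip(A[r], A[c])]
    return [A[r][n] for r in range(n)]


def evaluate(coeffs, exps, x, mod):
    """Value of sum_j coeffs[j] * x^exps[j] modulo mod."""
    return sum(a * pow(x, e, mod) for a, e in zip(coeffs, exps)) % mod


def lift_step(coeffs, exps, xs, ys, p, m):
    """From a model matching ys modulo p^m to one matching modulo p^(2m)."""
    q, t = p ** m, len(coeffs)
    rows, rhs = [], []
    for x, y in zip(xs, ys):
        e = e_map(x, p, m)
        powers = [pow(x, b, q) for b in exps]
        # Row of M_k: x^beta_j, then b_j * e(x) * x^beta_j.
        rows.append(powers + [b * e * w for b, w in zip(coeffs, powers)])
        # epsilon(x): the defect y - f_k(x), divided by p^m.
        rhs.append((y - evaluate(coeffs, exps, x, q * q)) // q)
    sol = solve_mod(rows, rhs, p, q)
    d, delta = sol[:t], sol[t:]
    new_coeffs = [b + q * dj for b, dj in zip(coeffs, d)]
    new_exps = [b + phi(p, m) * dl for b, dl in zip(exps, delta)]
    return new_coeffs, new_exps


def lift(coeffs, exps, xs, ys, p, steps):
    """Apply `steps` lifting steps; returns (coeffs, exps, m) valid modulo p^m."""
    m = 1
    for _ in range(steps):
        coeffs, exps = lift_step(coeffs, exps, xs, ys, p, m)
        m *= 2
    return coeffs, exps, m


# Constructed sample data: 3 is a primitive root modulo 49, so 1, 3, 9, 27 are
# 2t = 4 consecutive powers of it. The hidden polynomial is used only to
# produce the values ys and its reduction modulo p.
P = 7
XS = [1, 3, 9, 27]
YS = [5 * x ** 100 + 3 * x ** 17 for x in XS]
START_COEFFS = [5 % P, 3 % P]
START_EXPS = [100 % (P - 1), 17 % (P - 1)]

if __name__ == "__main__":
    for k in range(4):
        print(k, lift(START_COEFFS, START_EXPS, XS, YS, P, k))
```

The exponents are recovered modulo $\varphi(p^{2^k})$, so once this exceeds the true exponents they appear exactly, with no degree bound supplied.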

We observe that the hypothesis $\Delta_p f(x_1, \dots, x_{2t}) \not\equiv 0 \pmod p$ of Theorem 1.6 implies in particular
that $p \nmid x_i$, $p \nmid a_j$ and also that $p - 1 \nmid \alpha_j - \alpha_\ell$, $1 \le i \le 2t$, $1 \le j \neq \ell \le t$ (otherwise, $x_i$ being
prime to $p$ would force two columns of $M_0$ to coincide). Thus $f$ has exactly the same number $t$
of terms when reduced modulo $p$ as in $\mathbb{Z}[x]$, and no two exponents reduce to the same modulo
$(p-1)$. In view of this we give the following definition:

Definition 1.9. Let $p$ be an odd prime number. We say that a polynomial $f = \sum_j a_j x^{\alpha_j} \in \mathbb{Z}[x]$
with $a_j \neq 0$, $\forall j$, reduces well modulo $p$ if $p \nmid a_j$ for any $j$, and $p - 1 \nmid \alpha_j - \alpha_\ell$ for any $j \neq \ell$.

In these conditions the uniqueness property of Theorem 1.6 has an equivalent formulation in terms
of how the polynomials coincide as functions on $(\mathbb{Z}/p^{2^k}\mathbb{Z})^\times$:

Proposition 1.10. Let $f = \sum_j a_j x^{\alpha_j}$, $g = \sum_j b_j x^{\beta_j} \in \mathbb{Z}[x]$ be two polynomials that reduce well
modulo $p$. Then, for any $k \in \mathbb{N}$, the two following conditions are equivalent:

• $f$ and $g$ have the same number $t$ of non-zero terms, and up to an index permutation,
$a_j \equiv b_j \pmod{p^k}$ and $\alpha_j \equiv \beta_j \pmod{\varphi(p^k)}$.

• $f(x) \equiv g(x) \pmod{p^k}$ for all $x \in (\mathbb{Z}/p^k\mathbb{Z})^\times$.

Before giving the proof, we need the following: 

Observation 1.11. Any primitive root modulo $p^k$ is also a primitive root modulo $p$.

Proof. Since $(\mathbb{Z}/p^k\mathbb{Z})^\times$ is a cyclic group, the number of elements in $(\mathbb{Z}/p^k\mathbb{Z})^\times$ of order divisible
by $(p-1)$ is $p^{k-1}\varphi(p-1)$. Clearly this set must contain the $p^{k-1}$ lifts of any primitive root of
$(\mathbb{Z}/p\mathbb{Z})^\times$ to $(\mathbb{Z}/p^k\mathbb{Z})^\times$. By cardinality they are the same. □

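Proof of Proposition 1.10.

($\Downarrow$) is clear.

($\Uparrow$) by induction in $k$:

• Case $k = 1$: Write $f = \sum_{j=0}^{p-2} a_j x^{j + (p-1)\alpha_j}$ and $g = \sum_{j=0}^{p-2} b_j x^{j + (p-1)\beta_j}$. Since $x^{p-1} \equiv 1
\pmod p$ and $f(x) \equiv g(x) \pmod p$ for $1 \le x \le p-1$,

$$\sum_{j=0}^{p-2} (a_j - b_j) x^j \equiv 0 \pmod p \quad\text{for } 1 \le x \le p-1,$$

but a degree $p-2$ polynomial has at most $p-2$ different roots modulo $p$ hence $a_j \equiv b_j \bmod p$.

• Assume it is true for $k$.

Let $f, g$ be two polynomials satisfying the hypothesis and such that $f(x) \equiv g(x) \pmod{p^{k+1}}$ for
all $x \in (\mathbb{Z}/p^{k+1}\mathbb{Z})^\times$. In particular $f(x) \equiv g(x) \pmod p$ and by the $k = 1$ case they have both
exactly $t$ non-zero terms modulo $p$ for some $1 \le t \le p-1$.

If $f := \sum_{j=1}^{t} a_j x^{\alpha_j}$ and $g := \sum_{j=1}^{t} b_j x^{\beta_j}$, by inductive hypothesis (up to a permutation of
indexes) $a_j \equiv b_j \pmod{p^k}$ and $\alpha_j \equiv \beta_j \pmod{\varphi(p^k)}$. Let $a_j^{-1}$ denote the inverse of $a_j$ in the
multiplicative group $(\mathbb{Z}/p^{k+1}\mathbb{Z})^\times$, and $0 \le c_j, \gamma_j < p$ be such that

$$a_j^{-1} b_j \equiv 1 + p^k c_j \pmod{p^{k+1}} \quad\text{and}\quad \beta_j - \alpha_j \equiv \varphi(p^k)\gamma_j \pmod{\varphi(p^{k+1})}.$$

For all $x \in (\mathbb{Z}/p^{k+1}\mathbb{Z})^\times$:

$$\begin{aligned}
0 &\equiv (f - g)(x) \pmod{p^{k+1}}\\
&\equiv \sum_{j=1}^{t} \bigl(a_j x^{\alpha_j} - b_j x^{\beta_j}\bigr) \pmod{p^{k+1}}\\
&\equiv \sum_{j=1}^{t} a_j x^{\alpha_j} \bigl(1 - a_j^{-1} b_j x^{\beta_j - \alpha_j}\bigr) \pmod{p^{k+1}}\\
&\equiv \sum_{j=1}^{t} a_j x^{\alpha_j} \bigl(1 - (1 + p^k c_j) x^{\varphi(p^k)\gamma_j}\bigr) \pmod{p^{k+1}}.
\end{aligned}$$

But $x^{\varphi(p^k)} \equiv 1 + p^k e_{p,k+1,k}(x) \pmod{p^{k+1}}$ for $e_{p,k+1,k}$ defined in Notation 1.4, thus

$$\begin{aligned}
0 &\equiv \sum_{j=1}^{t} a_j x^{\alpha_j} \bigl(1 - (1 + p^k c_j)(1 + p^k e_{p,k+1,k}(x))^{\gamma_j}\bigr) \pmod{p^{k+1}}\\
&\equiv \sum_{j=1}^{t} a_j x^{\alpha_j} \bigl(1 - (1 + p^k c_j)(1 + p^k e_{p,k+1,k}(x)\gamma_j)\bigr) \pmod{p^{k+1}}\\
&\equiv \sum_{j=1}^{t} -a_j x^{\alpha_j} p^k \bigl(c_j + e_{p,k+1,k}(x)\gamma_j\bigr) \pmod{p^{k+1}}.
\end{aligned}$$

Therefore,

$$\sum_{j=1}^{t} a_j x^{\alpha_j} \bigl(c_j + e_{p,k+1,k}(x)\gamma_j\bigr) \equiv 0 \pmod p. \tag{5}$$

Let $\rho \in \mathbb{Z}$ be a primitive root mod $p^{k+1}$. Then $x_1 := 1$, $x_2 := \rho^p$, $\dots$, $x_t := \rho^{(t-1)p}$ are all different
modulo $p$ by Observation 1.11, and $e_{p,k+1,k}(x_i) = e_{p,k+1,k}(\rho^{(i-1)p}) \equiv 0 \pmod p$ since $e_{p,k+1,k}$ is
a group homomorphism. Substituting in (5):

$$\sum_{j=1}^{t} a_j \rho^{(i-1)p\alpha_j} c_j \equiv 0 \pmod p \quad\text{for } 1 \le i \le t.$$

That is

$$\begin{pmatrix}
a_1 & \cdots & a_t\\
\vdots & & \vdots\\
a_1 \rho^{(t-1)p\alpha_1} & \cdots & a_t \rho^{(t-1)p\alpha_t}
\end{pmatrix}
\begin{pmatrix} c_1\\ \vdots\\ c_t \end{pmatrix} \equiv 0 \pmod p.$$

The Vandermonde determinant of this linear system is

$$a_1 \cdots a_t \prod_{j < \ell} \bigl(\rho^{p\alpha_\ell} - \rho^{p\alpha_j}\bigr) \not\equiv 0 \pmod p,$$

since $\alpha_j \not\equiv \alpha_\ell \bmod (p-1)$. Therefore $c_j \equiv 0 \pmod p$ and $a_j \equiv b_j \pmod{p^{k+1}}$ for $1 \le j \le t$.

In a similar way, taking $x_1 := \rho$, $x_2 := \rho^2$, $\dots$, $x_t := \rho^t$ in (5), knowing that $c_j \equiv 0$ and $e_{p,k+1,k}$ is
a group homomorphism, we get for $e_\rho := e_{p,k+1,k}(\rho)$:

$$\sum_{j=1}^{t} a_j \rho^{i\alpha_j} (i\, e_\rho)\gamma_j \equiv 0 \pmod p \quad\text{for } 1 \le i \le t,$$

that leads to a Vandermonde linear system with determinant equal to

$$t!\; a_1 \cdots a_t\; e_\rho^{\,t}\; \rho^{\alpha_1 + \cdots + \alpha_t} \prod_{j < \ell} \bigl(\rho^{\alpha_\ell} - \rho^{\alpha_j}\bigr) \not\equiv 0 \pmod p,$$

since $e_\rho \not\equiv 0 \pmod p$. We conclude that $\gamma_j \equiv 0 \pmod p$ and therefore $\alpha_j \equiv \beta_j \pmod{\varphi(p^{k+1})}$.

□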

The question in order to apply Theorem 1.6 is whether, given a polynomial $f = \sum_{j=1}^{t} a_j x^{\alpha_j} \in \mathbb{Z}[x]$
and an odd prime number $p$ such that $f$ reduces well modulo $p$, there exist starting interpolating
sets $\{x_1, \dots, x_{2t}\} \subset \mathbb{Z}$ satisfying the assumption that $\Delta_p f(x_1, \dots, x_{2t}) \not\equiv 0 \pmod p$.
The condition is independent from the polynomial coefficients $a_i$ since we can factor out $a_1 \cdots a_t$
from $\Delta_p f$ and $f$ reducing well modulo $p$ implies that $a_i \not\equiv 0 \pmod p$. Proposition 1.14 below
gives examples of good starting sets modulo $p$ independent from $f$ (i.e. they are good for any
polynomial $f \in \mathbb{Z}[x]$ with exactly $t$ terms that reduces well modulo $p$).

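Definition 1.12. Let $p$ be an odd prime number, and $t \in \mathbb{N}$, $1 \le t \le p-1$. We say that
$\{x_1, \dots, x_{2t}\} \subset \mathbb{Z}$ is a good starting set modulo $p$ (for Newton-Hensel interpolation) if for every
subset $\{\alpha_1, \dots, \alpha_t\} \subset \{0, \dots, p-2\}$, the quantity

$$\det\begin{pmatrix}
x_1^{\alpha_1} & \cdots & x_1^{\alpha_t} & e_2(x_1) x_1^{\alpha_1} & \cdots & e_2(x_1) x_1^{\alpha_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
x_{2t}^{\alpha_1} & \cdots & x_{2t}^{\alpha_t} & e_2(x_{2t}) x_{2t}^{\alpha_1} & \cdots & e_2(x_{2t}) x_{2t}^{\alpha_t}
\end{pmatrix} \not\equiv 0 \pmod p, \tag{6}$$

where $e_2 : \mathbb{Z} \to \mathbb{Z}/p^2\mathbb{Z} \to \mathbb{Z}/p\mathbb{Z}$ is the map of Notation 1.4.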



Remark 1.13. While the previous determinant depends on the order chosen for the points $x_i$
and the exponents $\alpha_j$, the condition of being zero (respectively non-zero) does not.

Proposition 1.14. The following sets $\{x_1, \dots, x_{2t}\} \subset \mathbb{Z}$ are good starting sets modulo $p$:

(1) $\{x_1, \dots, x_{2t}\}$ where $x_i \equiv \rho^{i-1} \pmod{p^2}$, $1 \le i \le 2t$, for $\rho \in \mathbb{Z}$ a primitive root modulo
$p^2$, or, more generally, where $x_i \equiv \rho^{a+i-1} \pmod{p^2}$, $1 \le i \le 2t$, for $\rho \in \mathbb{Z}$ a primitive
root modulo $p^2$ and $a \in \mathbb{Z}$ ($2t$ consecutive powers of a primitive root modulo $p^2$).

(2) $\{x_1, \dots, x_{2t}\}$ where $x_i \equiv \rho^{i-1} \pmod p$ and $x_{t+i} = x_i + p$, $1 \le i \le t$, for $\rho \in \mathbb{Z}$
a primitive root modulo $p$, or, more generally, where $x_i, x_{t+i} \equiv \rho^{a+i-1} \pmod p$ and
$x_{t+i} \not\equiv x_i \pmod{p^2}$, $1 \le i \le t$, for $\rho \in \mathbb{Z}$ a primitive root modulo $p$ and $a \in \mathbb{Z}$ (any set
$x_1, \dots, x_{2t}$ where you choose 2 sets of $t$ consecutive powers of a primitive root modulo $p$,
formed by different elements modulo $p^2$).

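Proof. We show the main cases of the two items, since their generalizations are straightforward.
We denote by $\Delta_p$ the determinant modulo $p$ defined in (6).

In the first case $x_i \equiv \rho^{i-1}$ modulo $p^2$ for $1 \le i \le 2t$. Denote $e := e_2(\rho)$, then $e \neq 0$ since $\rho$ is
a primitive root modulo $p^2$ and $e_2(x_i) = e_2(\rho^{i-1}) = (i-1)e_2(\rho) = (i-1)e$. Substituting in the
definition we get

$$\begin{aligned}
\Delta_p &\equiv \det\begin{pmatrix}
1 & \cdots & 1 & 0 & \cdots & 0\\
\rho^{\alpha_1} & \cdots & \rho^{\alpha_t} & e\rho^{\alpha_1} & \cdots & e\rho^{\alpha_t}\\
\rho^{2\alpha_1} & \cdots & \rho^{2\alpha_t} & 2e\rho^{2\alpha_1} & \cdots & 2e\rho^{2\alpha_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
\rho^{(2t-1)\alpha_1} & \cdots & \rho^{(2t-1)\alpha_t} & (2t-1)e\rho^{(2t-1)\alpha_1} & \cdots & (2t-1)e\rho^{(2t-1)\alpha_t}
\end{pmatrix}\\
&= e^t \det\begin{pmatrix}
1 & \cdots & 1 & 0 & \cdots & 0\\
\rho^{\alpha_1} & \cdots & \rho^{\alpha_t} & \rho^{\alpha_1} & \cdots & \rho^{\alpha_t}\\
\rho^{2\alpha_1} & \cdots & \rho^{2\alpha_t} & 2\rho^{2\alpha_1} & \cdots & 2\rho^{2\alpha_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
\rho^{(2t-1)\alpha_1} & \cdots & \rho^{(2t-1)\alpha_t} & (2t-1)\rho^{(2t-1)\alpha_1} & \cdots & (2t-1)\rho^{(2t-1)\alpha_t}
\end{pmatrix} \pmod p.
\end{aligned}$$

If we denote $z_i := \rho^{\alpha_i}$ for $1 \le i \le t$, then

$$\Delta_p \equiv e^t \det\begin{pmatrix}
1 & \cdots & 1 & 0 & \cdots & 0\\
z_1 & \cdots & z_t & z_1 & \cdots & z_t\\
z_1^2 & \cdots & z_t^2 & 2z_1^2 & \cdots & 2z_t^2\\
\vdots & & \vdots & \vdots & & \vdots\\
z_1^{2t-1} & \cdots & z_t^{2t-1} & (2t-1)z_1^{2t-1} & \cdots & (2t-1)z_t^{2t-1}
\end{pmatrix} \pmod p.$$

The transpose of this last matrix is well-known. It arises in the Hermite interpolation problem
while trying to interpolate a function by a polynomial $f$ such that $f(z_i) = y_i$ and $f'(z_i) = y_i'$ for
$1 \le i \le t$. Its determinant equals

$$(-1)^{t(t-1)/2}\, z_1 \cdots z_t \prod_{1 \le i < j \le t} (z_j - z_i)^4.$$

Hence

$$\Delta_p \equiv (-1)^{t(t-1)/2}\, e^t\, \rho^{\alpha_1 + \cdots + \alpha_t} \prod_{1 \le i < j \le t} \bigl(\rho^{\alpha_j} - \rho^{\alpha_i}\bigr)^4 \pmod p.$$

Since $1 \le \alpha_i \le p-2$ are all distinct and $\rho$ is a primitive root modulo $p$ (by Observation 1.11),
$\rho^{\alpha_i} \not\equiv \rho^{\alpha_j} \pmod p$ if $i \neq j$, hence $\Delta_p \not\equiv 0 \pmod p$ as wanted.

The general case reduces to this one factoring out from the determinant the (non-zero) term
$\rho^{2a(\alpha_1 + \cdots + \alpha_t)}$.

In the second case $x_i \equiv \rho^{i-1}$ modulo $p$ and $x_{t+i} = x_i + p$ for $1 \le i \le t$. Then $e_2(x_{t+i}) \equiv
e_2(x_i) - x_i^{-1} \pmod p$ for $1 \le i \le t$ since

$$(x_i + p)^{p-1} \equiv x_i^{p-1} + (p-1)p\,x_i^{p-2} \equiv 1 + p\bigl(e_2(x_i) - x_i^{-1}\bigr) \pmod{p^2}.$$

Thus, since $x_{t+i} \equiv x_i \pmod p$, we have modulo $p$:

$$\begin{aligned}
\Delta_p &\equiv \det\begin{pmatrix}
x_1^{\alpha_1} & \cdots & x_1^{\alpha_t} & e_2(x_1)x_1^{\alpha_1} & \cdots & e_2(x_1)x_1^{\alpha_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
x_t^{\alpha_1} & \cdots & x_t^{\alpha_t} & e_2(x_t)x_t^{\alpha_1} & \cdots & e_2(x_t)x_t^{\alpha_t}\\
x_1^{\alpha_1} & \cdots & x_1^{\alpha_t} & (e_2(x_1) - x_1^{-1})x_1^{\alpha_1} & \cdots & (e_2(x_1) - x_1^{-1})x_1^{\alpha_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
x_t^{\alpha_1} & \cdots & x_t^{\alpha_t} & (e_2(x_t) - x_t^{-1})x_t^{\alpha_1} & \cdots & (e_2(x_t) - x_t^{-1})x_t^{\alpha_t}
\end{pmatrix} \pmod p\\
&\equiv \det\begin{pmatrix}
x_1^{\alpha_1} & \cdots & x_1^{\alpha_t} & e_2(x_1)x_1^{\alpha_1} & \cdots & e_2(x_1)x_1^{\alpha_t}\\
\vdots & & \vdots & \vdots & & \vdots\\
x_t^{\alpha_1} & \cdots & x_t^{\alpha_t} & e_2(x_t)x_t^{\alpha_1} & \cdots & e_2(x_t)x_t^{\alpha_t}\\
0 & \cdots & 0 & -x_1^{\alpha_1 - 1} & \cdots & -x_1^{\alpha_t - 1}\\
\vdots & & \vdots & \vdots & & \vdots\\
0 & \cdots & 0 & -x_t^{\alpha_1 - 1} & \cdots & -x_t^{\alpha_t - 1}
\end{pmatrix} \pmod p\\
&= (-1)^t\, x_1^{-1} \cdots x_t^{-1} \prod_{1 \le i < j \le t} \bigl(\rho^{\alpha_j} - \rho^{\alpha_i}\bigr)^2 \not\equiv 0 \pmod p.
\end{aligned}$$

For the general case observe that for $1 \le i \le t$, $x_{t+i} = x_i + k_i p \pmod{p^2}$ for some $k_i$ prime to
$p$. □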

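Unfortunately, not every set $\{x_1, \dots, x_{2t}\}$ with $x_i \not\equiv 0 \pmod p$ is a good starting set modulo $p$:

Example 1.15. Take $p := 7$, $\rho := 3$ and $t = 2$, $x_1 \equiv 3^0 \pmod 7$, $x_2 \equiv 3^1 \pmod 7$, $x_3 \equiv 3^2
\pmod 7$ and $x_4 \equiv 3^4 \pmod 7$, then $e_2(3) = 6 \equiv -1 \pmod 7$, for $\alpha_1 := 0$ and $\alpha_2 := 3$ we
obtain:

$$\Delta_p = \det\begin{pmatrix}
1 & 1 & 0 & 0\\
3^{0} & 3^{3} & -3^{0} & -3^{3}\\
3^{2\cdot 0} & 3^{2\cdot 3} & -2\cdot 3^{2\cdot 0} & -2\cdot 3^{2\cdot 3}\\
3^{4\cdot 0} & 3^{4\cdot 3} & -4\cdot 3^{4\cdot 0} & -4\cdot 3^{4\cdot 3}
\end{pmatrix}
= \det\begin{pmatrix}
1 & 1 & 0 & 0\\
1 & -1 & -1 & 1\\
1 & 1 & -2 & -2\\
1 & 1 & -4 & -4
\end{pmatrix} \equiv 0 \pmod 7.$$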
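
A check of Definition 1.12, Proposition 1.14 and Example 1.15 for $p = 7$, $t = 2$, as an added Python example (it is not code from the paper). The function names are ours; the inputs are the sets and exponents quoted above, with the points of Example 1.15 taken as the integers $1, 3, 9, 81$.

```python
from itertools import combinations


def e2(x, p):
    """Map e_2 of Notation 1.4: x^(p-1) = 1 + p*e2(x) (mod p^2), and 0 if p | x."""
    if x % p == 0:
        return 0
    return (pow(x, p - 1, p * p) - 1) // p


def det_mod(M, p):
    """Determinant modulo p by cofactor expansion (adequate for small 2t)."""
    if len(M) == 1:
        return M[0][0] % p
    total = 0
    for c, v in enumerate(M[0]):
        if v % p:
            minor = [row[:c] + row[c + 1:] for row in M[1:]]
            total += (-1) ** c * v * det_mod(minor, p)
    return total % p


def pseudo_jacobian(xs, alphas, p):
    """Quantity (6): rows [x^a_1 .. x^a_t, e2(x) x^a_1 .. e2(x) x^a_t] modulo p."""
    rows = []
    for x in xs:
        powers = [pow(x, a, p) for a in alphas]
        rows.append(powers + [e2(x, p) * w for w in powers])
    return det_mod(rows, p)


def is_good_starting_set(xs, t, p):
    """Definition 1.12: (6) is non-zero for every t-subset of exponents in {0..p-2}."""
    if len(xs) != 2 * t:
        raise ValueError("a starting set needs 2t points")
    return all(pseudo_jacobian(xs, alphas, p)
               for alphas in combinations(range(p - 1), t))


def type1_set(rho, t, p, a=0):
    """Proposition 1.14 (1): 2t consecutive powers of a primitive root modulo p^2."""
    return [pow(rho, a + i, p * p) for i in range(2 * t)]


def type2_set(rho, t, p):
    """Proposition 1.14 (2): x_i = rho^(i-1) mod p and x_(t+i) = x_i + p."""
    first = [pow(rho, i, p) for i in range(t)]
    return first + [x + p for x in first]


if __name__ == "__main__":
    print("Example 1.15 determinant:", pseudo_jacobian([1, 3, 9, 81], [0, 3], 7))
    for xs in (type1_set(3, 2, 7), type2_set(3, 2, 7), [1, 3, 9, 81], [1, 2, 3, 6]):
        print(xs, "good" if is_good_starting_set(xs, 2, 7) else "not good")
```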

In particular, Proposition 1.14 implies that for any polynomial $f \in \mathbb{Z}[x]$ that reduces well modulo $p$
and with exactly $t$ non-zero terms, there exists a subset of size $2t$ in $\{1, \dots, 2p-1\}$, $x_1, \dots, x_{2t}$,
that satisfies the hypothesis of Theorem 1.6, i.e. such that $\Delta_p f(x_1, \dots, x_{2t}) \not\equiv 0 \pmod p$. In
the case of a binomial, this result can be sharpened: for any prime $p > 5$, there exists a subset
$\{x_1, \dots, x_4\} \subset \{1, \dots, p-1\}$ with $\Delta_p f(x_1, \dots, x_4) \not\equiv 0 \pmod p$.

Proposition 1.16. Let $p > 5$ be a prime number and $0 \le \alpha < \beta < p-1$. Then

$$\begin{pmatrix}
1^{\alpha} & 1^{\beta} & e_2(1)\,1^{\alpha} & e_2(1)\,1^{\beta}\\
2^{\alpha} & 2^{\beta} & e_2(2)\,2^{\alpha} & e_2(2)\,2^{\beta}\\
\vdots & \vdots & \vdots & \vdots\\
(p-1)^{\alpha} & (p-1)^{\beta} & e_2(p-1)\,(p-1)^{\alpha} & e_2(p-1)\,(p-1)^{\beta}
\end{pmatrix} \pmod p$$

has rank four, where $e_2 : \mathbb{Z} \to \mathbb{Z}/p^2\mathbb{Z} \to \mathbb{Z}/p\mathbb{Z}$ is the map of Notation 1.4.

We omit the proof of this fact since it is quite tedious and is based on a smart choice of the four
elements $x_i$ depending on congruences of $\alpha - \beta$ modulo 2, modulo $(p-1)$ and on the behavior
of $e_2(x_i)$. □

Unfortunately this result is not true in general since for $p := 11$, the polynomial $f = a_1 + a_2 x +
a_3 x^3 + a_4 x^5 + a_5 x^8$ has five non-zero terms but $\Delta_p f(1, \dots, 10) \equiv 0 \pmod{11}$. Surprisingly,
computer experiments performed with [PARI/GP] did not show any counter-example for trinomials
(with any prime) nor polynomials with 5 terms for a prime different from 11.

For an arbitrary odd prime number $p$, there may be more good starting sets modulo $p$ for a given
$t$ than the sets described in Proposition 1.14 but we are still unable to prove their existence in
general. For instance for $p = 7$ and $t = 2$, the set $\{1, 2, 3, 6\}$ is good but is neither of type (1) nor
of type (2). Actually in that case the total number of sets is 10626, from which 1640 are good
but only 560 are of type (1) or (2).

In what follows, we compute the number of different good starting sets as in Proposition 1.14 on
the interval $\{1, \dots, p^2 - 1\}$ in order to estimate (at least from below) the probability of having a
good starting set modulo $p$ when choosing any subset of $\{1, \dots, p^2 - 1\}$.

A first question we have to deal with is whether the sets described of type (1) and type (2) of
Proposition 1.14 are distinct when choosing arbitrarily a primitive root modulo $p^2$ or modulo $p$
and a starting exponent $a$. To make this analysis we need to distinguish the case $t = p-1$ from
$t < p-1$.

Observation 1.17. If $t = p-1$, the good starting sets modulo $p$ of type (1) in Proposition 1.14
are contained in type (2) while if $t < p-1$ type (1) and (2) define different good starting sets.

Proof. For $t = p-1$, this is clear since the set of $p-1$ consecutive powers of a primitive root
modulo $p$ coincides with the set $\{1, \dots, p-1\}$ and a primitive root modulo $p^2$ is a primitive root
modulo $p$. For $t < p-1$, in a set $\{\rho^a, \dots, \rho^{a+2t-1}\}$ of type (1) there are more than $t$ consecutive
primitive roots modulo $p$ that cannot appear in a set of type (2). □

Proposition 1.18. For $t = p-1$ there are at least $\binom{p}{2}^{p-1}$ good starting sets modulo $p$ in the set
$\{1, \dots, p^2 - 1\}$.

Proof. We simply choose for each $i$, $1 \le i \le p-1$, two different elements congruent to $i$ modulo
$p$. There are $\binom{p}{2}^{p-1}$ such choices. □
Taking into account that the number of subsets of size $2(p - 1)$ in $\{1, \dots, p^2 - 1\}$, avoiding the
multiples of $p$, equals $\binom{p(p-1)}{2(p-1)}$, this gives a ratio of

(py- 1 i 

(fej) w p(p- 1 ) p - 1 

good starting sets modulo p , which is obviously a very small quantity. 

For $t < p - 1$ we need to perform a more careful analysis:

Lemma 1.19. Let $n \in \mathbb{N}$, $n > 2$ and $C := \{0, 1, \dots, s\} \subset \mathbb{Z}/n\mathbb{Z}$ where $1 < s < n - 1$. If
$\sigma(x) = mx + a$ is a bijective map of $\mathbb{Z}/n\mathbb{Z}$ into itself such that $\sigma(C) = C$, then $\sigma = \mathrm{Id}$ or
$\sigma = -\mathrm{Id} + s$.

Proof. Without loss of generality we may suppose $1 \le m < n$ and $0 \le a < n$. Furthermore we
may restrict to the case $s < n/2$ since if not, the complement $\{s + 1, \dots, n - 1\}$ of $C$ is also fixed by $\sigma$. Then the
bijective map $\tau(x) = \sigma(x + s + 1) - (s + 1)$ fixes $\{0, 1, \dots, n - s - 2\}$ (where $n - s - 2 < n/2$)
and satisfies that $\sigma = \mathrm{Id} \iff \tau = \mathrm{Id}$ and $\sigma = -\mathrm{Id} + s \iff \tau = -\mathrm{Id} + (n - s - 2)$. We consider two
different cases:

• Case $a = 0$. Note that in this case $m < n/2$ since $\sigma(1) = m \in C$. We need to show
that $\sigma = \mathrm{Id}$. Assume that $m > 1$, then by the Euclidean algorithm $s = qm + r$ with
$0 \le r < m$. In particular $q < s$ since $m > 1$, therefore $q + 1 \in C$ and $\sigma(q + 1) \in C$, i.e.
$\sigma(q + 1) \le s$. But $0 < (q + 1)m \le s + m < n/2 + n/2 = n$ implies that $\sigma(q + 1) = (q + 1)m$,
and, on the other side, $(q + 1)m > qm + r = s$. Contradiction.

• Case $a > 0$. Assuming $m > 1$ we will prove that $m = n - 1$ and $a = s$.

Note that $m > s$ since if not let $A := \{0 \le x \le n - 1 : mx + a \le s\}$. Clearly $A$ is non-empty
($0 \in A$), denote by $y$ its maximum element, i.e. $my + a \le s$ and $m(y + 1) + a > s$.
Since $m \le s$, $0 < m(y + 1) + a \le 2s < n$, then $\sigma(y + 1) = m(y + 1) + a$. Since $m > 1$
and $my + a \le s$, $y < s$ thus $y + 1 \in C$. But then $\sigma(y + 1) \le s$ and also $m(y + 1) + a > s$,
a contradiction. Then $s < m \le n - 1$.

In that case, $\sigma(s) = 0$ since if $\sigma(y) = 0$ for $y < s$, then $\sigma(y + 1) = m \le s$ ($\sigma$ is
bijective on $C$), which is not the case. Thus there exists $z < s$ such that $\sigma(z) = 1$ and
$\sigma(z + 1) = m + 1 \in C$. That is, $s + 1 < m + 1 \le n$ belongs to $C \bmod n$. That means that
$m + 1 \equiv 0 \bmod n$ and $m = n - 1$. We conclude, since $0 = \sigma(s) = -s + a$, that $a = s$.

□

Corollary 1.20. Let $\rho, g \in \mathbb{Z}$ be two different primitive roots mod $p^k$. Then, for any $s$, $1 < s <
\varphi(p^k)$, the sets $\rho^a\{1, \rho, \dots, \rho^{s-1}\}$ and $g^b\{1, g, \dots, g^{s-1}\}$ coincide modulo $p^k$ if and only if $g \equiv \rho$
(mod $p^k$) and $b \equiv a$ (mod $\varphi(p^k)$), or $g \equiv \rho^{-1}$ (mod $p^k$) and $b \equiv -(a + s - 1)$ (mod $\varphi(p^k)$).

Proof. Without loss of generality we may assume $g = \rho^m$ for some $m$ prime to $\varphi(p^k)$. Then
the two sets coincide if and only if $\{1, \rho, \dots, \rho^{s-1}\}$ and $\rho^{mb-a}\{1, \rho^m, \dots, \rho^{m(s-1)}\}$ coincide, i.e. if
the bijective map $\sigma(x) = mx + (mb - a)$ of $\mathbb{Z}/\varphi(p^k)\mathbb{Z}$ fixes the set $\{0, 1, \dots, s - 1\}$. We apply
Lemma 1.19 to conclude that $\sigma = \mathrm{Id}$, that is $m \equiv 1$ (mod $\varphi(p^k)$) and $a \equiv b$ (mod $\varphi(p^k)$), or
$\sigma = -\mathrm{Id} + s$, that is $m \equiv -1$ (mod $\varphi(p^k)$) and $b \equiv -(a + s - 1)$ (mod $\varphi(p^k)$). □

As an immediate consequence we can compute the number of good sets of type (1) and (2) in
Proposition 1.14 for $t < p - 1$:

Corollary 1.21. Let $p$ be an odd prime number and set $1 < t < p - 1$. There are at least

$$p\,\varphi(p-1)(p-1)^2/2 + \binom{p}{2}^{t}\varphi(p-1)(p-1)/2$$

good starting sets modulo $p$ in the set $\{1, \dots, p^2 - 1\}$.



■ ■ ■ ,p — 1} , avoiding the 
Proof. First we count the sets of type (1) in Proposition 1.14: We choose a primitive root $\rho$ modulo
$p^2$, there are $\varphi(\varphi(p^2))$ such choices, and we choose $0 \le a < \varphi(p^2)$. Since $t < p - 1$, $2t < \varphi(p^2)$,
we can apply the previous lemma and divide the total number by 2.

Next we count the sets of type (2): We first compute the number of sets modulo $p$, i.e. the number
of different sets $\{\rho^{a+i-1} \pmod p : 1 \le i \le t\}$ in the set $\{1, \dots, p - 1\}$. Applying the previous
lemma, there are $\varphi(p)\varphi(\varphi(p))/2$ such different choices. Then for $1 \le i \le t$ we freely choose
$x_i, x_{t+i}$ congruent to $\rho^{a+i-1}$ but different. There are $\binom{p}{2}^{t}$ such choices. □

As in the case $t = p - 1$, the ratio is again very disappointing: given $p$ and $t$ the probability of
choosing randomly a good starting set modulo $p$ is very low and tends to zero when $p$ grows.
However, a more realistic probability estimation would be to compute, given an odd prime number
$p$ and $f \in \mathbb{Z}[x]$ a polynomial with exactly $t < p$ non-zero terms that reduces well modulo $p$,
the probability that randomly chosen $\{x_1, \dots, x_{2t}\} \subset \{0, \dots, p^2 - 1\}$ satisfy that Determinant (6)
does not vanish modulo $p$. Unfortunately we are still not able to give a sharp estimation for that
probability.



2. p-ADIC EQUATIONS 

This section shows how the Newton-Hensel construction of Theorem 1.6 corresponds to a usual Hensel
lemma on the p -adic integers Z p . It explains the role played by the e-i group homomorphism of 
Proposition 1.2 and why starting sets modulo $p$ need to contain a primitive root modulo $p^2$. We
begin by recalling some definitions and properties of $\mathbb{Z}_p$. We refer to [Ser70, Ch.II] for the details.

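For a prime integer $p$, the set of $p$-adic integers $\mathbb{Z}_p$ is the inverse limit of the diagram

$$\mathbb{Z}/p\mathbb{Z} \leftarrow \mathbb{Z}/p^2\mathbb{Z} \leftarrow \mathbb{Z}/p^3\mathbb{Z} \leftarrow \cdots,$$

where $\mathbb{Z}/p^{k+1}\mathbb{Z} \to \mathbb{Z}/p^k\mathbb{Z}$ is the canonical projection. Here we will view $\mathbb{Z}_p$ as the equivalent
construction

$$\mathbb{Z}_p = \{(a_k)_{k\in\mathbb{N}} \in \mathbb{Z}^{\mathbb{N}} : a_{k+1} \equiv a_k \pmod{p^k} \ \forall k \in \mathbb{N}\} / \sim$$

where $\sim$ is the equivalence relation defined by

$$(a_k)_{k\in\mathbb{N}} \sim (b_k)_{k\in\mathbb{N}} \iff a_k \equiv b_k \pmod{p^k} \ \forall k \in \mathbb{N},$$

and the operations are coordinate-wise, i.e.:

$$(a_k)_{k\in\mathbb{N}} + (b_k)_{k\in\mathbb{N}} := (a_k + b_k)_{k\in\mathbb{N}} \quad\text{and}\quad (a_k)_{k\in\mathbb{N}} \cdot (b_k)_{k\in\mathbb{N}} := (a_k \cdot b_k)_{k\in\mathbb{N}}.$$

In this formulation, $a := (a_k)_{k\in\mathbb{N}} \in \mathbb{Z}_p^\times$, the multiplicative group of $p$-adic units, if and only if
$p \nmid a_1$.

From now on $p$ will denote an odd prime number. In this case the multiplicative group $\mathbb{Z}_p^\times$ and
the additive group $\mathbb{Z}/(p - 1)\mathbb{Z} \times \mathbb{Z}_p$ are isomorphic. This last additive group can be viewed in
another additive way, closely related to the changes of exponents we allow in Theorem 1.6 and that
justifies a convenient exponentiation in $\mathbb{Z}_p$. For that purpose, we construct the ring of exponents
that we will denote $\mathcal{E}_p$: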

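Definition 2.1. Let $p$ be an odd prime number. We define $\mathcal{E}_p$ as the inverse limit of the following
diagram:

$$\mathbb{Z}/\varphi(p)\mathbb{Z} \leftarrow \mathbb{Z}/\varphi(p^2)\mathbb{Z} \leftarrow \mathbb{Z}/\varphi(p^3)\mathbb{Z} \leftarrow \cdots,$$

where, since $\varphi(p^k) \mid \varphi(p^{k+1})$, $p_k : \mathbb{Z}/\varphi(p^{k+1})\mathbb{Z} \to \mathbb{Z}/\varphi(p^k)\mathbb{Z}$ is the well-defined canonical
projection.

Equivalently, $\mathcal{E}_p$ can be seen as the ring

$$\mathcal{E}_p = \{(\alpha_k)_{k\in\mathbb{N}} \in \mathbb{Z}^{\mathbb{N}} : \alpha_{k+1} \equiv \alpha_k \pmod{\varphi(p^k)} \ \forall k \in \mathbb{N}\} / \approx$$

where $\approx$ is the equivalence relation defined by

$$(\alpha_k)_{k\in\mathbb{N}} \approx (\beta_k)_{k\in\mathbb{N}} \iff \alpha_k \equiv \beta_k \pmod{\varphi(p^k)} \ \forall k \in \mathbb{N},$$

where the operations are coordinate-wise, i.e.:

$$(\alpha_k)_{k\in\mathbb{N}} + (\beta_k)_{k\in\mathbb{N}} := (\alpha_k + \beta_k)_{k\in\mathbb{N}} \quad\text{and}\quad (\alpha_k)_{k\in\mathbb{N}} \cdot (\beta_k)_{k\in\mathbb{N}} := (\alpha_k \cdot \beta_k)_{k\in\mathbb{N}}.$$

In this formulation, $\alpha := (\alpha_k)_{k\in\mathbb{N}} \in \mathcal{E}_p^\times$ if and only if $\gcd(\alpha_2, \varphi(p^2)) = 1$, and we have the ring
isomorphism

$$\mathcal{E}_p \simeq \mathbb{Z}/(p - 1)\mathbb{Z} \times \mathbb{Z}_p : (\alpha_k)_{k\in\mathbb{N}} \mapsto (\alpha_1, (\alpha_k)_{k \ge 2}).$$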
Next proposition shows that £ p is a natural set of exponents for Z/pZ x : 

Proposition 2.2. Let $a := (a_k)_{k\in\mathbb{N}} \in \mathbb{Z}_p^\times$ and $\alpha := (\alpha_k)_{k\in\mathbb{N}} \in \mathcal{E}_p$, then $a^\alpha := (a_k^{\alpha_k})_{k\in\mathbb{N}} \in \mathbb{Z}_p^\times$.
Proof.

• It is immediate that $a_k \equiv a'_k \pmod{p^k}$ and $\alpha_k \equiv \alpha'_k \pmod{\varphi(p^k)}$ implies $a_k^{\alpha_k} \equiv (a'_k)^{\alpha_k} \equiv
(a'_k)^{\alpha'_k} \pmod{p^k}$ since $a_k \not\equiv 0 \pmod p$.

• Similarly, $a_{k+1} \equiv a_k \pmod{p^k}$ and $\alpha_{k+1} \equiv \alpha_k \pmod{\varphi(p^k)}$ implies $a_{k+1}^{\alpha_{k+1}} \equiv a_k^{\alpha_{k+1}} \equiv a_k^{\alpha_k}
\pmod{p^k}$.

□

Corollary 2.3. For a given $\alpha \in \mathcal{E}_p$, the map $\mathbb{Z}_p^\times \to \mathbb{Z}_p^\times : a \mapsto a^\alpha$ is a group homomorphism.
Moreover if $\alpha \in \mathcal{E}_p$ is invertible, this map is an isomorphism since $b = a^\alpha \iff a = b^{\alpha^{-1}}$.

Lemma 2.4. For a given $a \in \mathbb{Z}_p^\times$, the map $(\mathcal{E}_p, +) \to (\mathbb{Z}_p^\times, \cdot) : \alpha \mapsto a^\alpha$ is a group homomorphism.
Moreover, this map is an isomorphism if and only if $a := (a_k)_{k\in\mathbb{N}}$ is such that $a_2$ is a primitive
root modulo $p^2$. We call such an $a$ a good basis for taking logarithms.

Proof. Note that if $a := (a_k)_{k\in\mathbb{N}}$ is such that $a_2$ is a primitive root modulo $p^2$, then $a_k$ is a
primitive root modulo $p^k$ for all $k \in \mathbb{N}$ (see for instance [Apo76, Th.10.6]). Now for $b := (b_k)_{k\in\mathbb{N}} \in
\mathbb{Z}_p^\times$, we let $\alpha_k$ be such that $a_k^{\alpha_k} \equiv b_k \pmod{p^k}$ and we define $\alpha := (\alpha_k)_{k\in\mathbb{N}}$. It is easy to check
that $\alpha \in \mathcal{E}_p$, and $a^\alpha = b$.

Conversely, we want to check that $a_2$ is a primitive root modulo $p^2$ if the map is onto. For each
$1 \le b_2 < p^2$, with $\gcd(b_2, p) = 1$, let $b := (b_2)_{k\in\mathbb{N}} \in \mathbb{Z}_p^\times$ (the natural injection of $\mathbb{Z}$ into $\mathbb{Z}_p$),
and let $\alpha$ be such that $a^\alpha = b$. In particular $a_2^{\alpha_2} \equiv b_2 \pmod{p^2}$, i.e. the powers of $a_2$ span
$(\mathbb{Z}/p^2\mathbb{Z})^\times$, then $a_2$ is a primitive root. □

In particular, if $\rho \in \mathbb{Z}$ is a primitive root modulo $p^2$, then $\rho := (\rho)_{k\in\mathbb{N}} \in \mathbb{Z}_p^\times$ is a good basis for
taking logarithms.

In view of the previous discussion, for $a_j \in \mathbb{Z}_p^\times$, $\alpha_j \in \mathcal{E}_p$, $1 \le j \le t$, the specialization

$$\mathbb{Z}_p^\times \to \mathbb{Z}_p : x \mapsto f(x) := \sum_{j=1}^{t} a_j x^{\alpha_j}$$

is a well-defined map. As a consequence of Proposition 1.10, two such maps $f = \sum_{j=1}^{t} a_j x^{\alpha_j}$ and
$g = \sum_{j=1}^{t} b_j x^{\beta_j}$ coincide on $\mathbb{Z}_p^\times$ if and only if $a_j = b_j$ in $\mathbb{Z}_p^\times$ and $\alpha_j = \beta_j$ in $\mathcal{E}_p$, $1 \le j \le t$, i.e.
$f = g$. In this setting Theorem 1.6 admits the following formulation:
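Theorem 2.5. (Newton-Hensel interpolation lifting on $\mathbb{Z}_p$)

Let $p$ be an odd prime number, and $t \in \mathbb{N}$, $1 < t < p - 1$. Set $y_1, \dots, y_{2t} \in \mathbb{Z}_p$. Let $f_1 :=
\sum_{j=1}^{t} a_{j1} x^{\alpha_{j1}} \in \mathbb{Z}[x]$ and $x_1 = (x_{1k})_k, \dots, x_{2t} = (x_{(2t)k})_k \in \mathbb{Z}_p^\times$ satisfy

• $f_1(x_i) \equiv y_i \pmod p$, $1 \le i \le 2t$,

• $$\det\begin{pmatrix} x_1^{\alpha_1} & \cdots & x_1^{\alpha_t} & a_1 e_2(x_{12}) x_1^{\alpha_1} & \cdots & a_t e_2(x_{12}) x_1^{\alpha_t} \\ \vdots & & \vdots & \vdots & & \vdots \\ x_{2t}^{\alpha_1} & \cdots & x_{2t}^{\alpha_t} & a_1 e_2(x_{(2t)2}) x_{2t}^{\alpha_1} & \cdots & a_t e_2(x_{(2t)2}) x_{2t}^{\alpha_t} \end{pmatrix} \not\equiv 0 \pmod p,$$

where $e_2 : (\mathbb{Z}/p^2\mathbb{Z})^\times \to \mathbb{Z}/p\mathbb{Z}$ is the group homomorphism of Definition 1.1.

Then there exists a unique $f := \sum_{j=1}^{t} a_j x^{\alpha_j}$ with $a_j \in \mathbb{Z}_p^\times$ and $\alpha_j \in \mathcal{E}_p$, $1 \le j \le t$, that satisfies
simultaneously:

• $f(x_i) = y_i$ in $\mathbb{Z}_p$, $1 \le i \le 2t$.

• $a_j = (a_{j1}, \dots)$, $\alpha_j = (\alpha_{j1}, \dots)$, $1 \le j \le t$.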



In fact, this theorem is a particular case of a more general type of equations in $\mathbb{Z}_p$. We deal now
with two types of equations: generalized polynomial ones and exponential ones, and we exhibit
the duality they inherit from Lemma 2.4.

Definition 2.6.

• A generalized polynomial equation in $\mathbb{Z}_p^\times$ is

$$f(x) := \sum_{j=1}^{t} a_j x^{\alpha_j}$$

where $t \in \mathbb{N}$, $a_j \in \mathbb{Z}_p$ and $\alpha_j \in \mathcal{E}_p$, $1 \le j \le t$, are given, and $x \in \mathbb{Z}_p^\times$ is the unknown.

• An exponential equation in $\mathcal{E}_p$ is

$$g(\alpha) := \sum_{j=1}^{t} a_j x_j^{\alpha}$$

where $t \in \mathbb{N}$, $a_j \in \mathbb{Z}_p$ and $x_j \in \mathbb{Z}_p^\times$, $1 \le j \le t$, are given, and $\alpha \in \mathcal{E}_p$ is the unknown.

Observation 2.7. Solving a generalized polynomial equation in $\mathbb{Z}_p^\times$ or an exponential equation in
$\mathcal{E}_p$ are essentially the same problem, since if $a \in \mathbb{Z}_p^\times$ is a good basis for taking logarithms, setting
$x = a^\alpha$ and $x_j = a^{\alpha_j}$ we obtain

t t 

j=l 3=1 

The next two propositions generalize Hensel's lemma, traditionally for polynomials in $\mathbb{Z}[x]$ or
$\mathbb{Z}_p[x]$, to the previous equations. We state them before giving their proofs to highlight their dual
character.

Proposition 2.8. Set $t \in \mathbb{N}$, $y, a_j \in \mathbb{Z}_p$ and $\alpha_j := (\alpha_{jk})_k \in \mathcal{E}_p$, $1 \le j \le t$. Let $x_1 \in \mathbb{Z}$, $p \nmid x_1$,
be such that

• $f(x_1) := \sum_{j=1}^{t} a_j x_1^{\alpha_j} \equiv y \pmod p$,

• $\sum_{j=1}^{t} a_j \alpha_{j2} x_1^{\alpha_j - 1} \not\equiv 0 \pmod p$,

then there exists a unique $x = (x_1, x_2, \dots) \in \mathbb{Z}_p^\times$ such that $f(x) = y$ in $\mathbb{Z}_p$.

Proposition 2.9. Set $t \in \mathbb{N}$, $y, a_j \in \mathbb{Z}_p$ and $x_j := (x_{jk})_k \in \mathbb{Z}_p^\times$, $1 \le j \le t$. Let $\alpha_1 \in \mathbb{Z}$ be such
that

• $g(\alpha_1) := \sum_{j=1}^{t} a_j x_j^{\alpha_1} \equiv y \pmod p$,

• $\sum_{j=1}^{t} a_j e_2(x_{j2}) x_j^{\alpha_1} \not\equiv 0 \pmod p$ where $e_2$ is the group homomorphism defined in
Definition 1.1,

then there exists a unique $\alpha = (\alpha_1, \alpha_2, \dots) \in \mathcal{E}_p$ such that $g(\alpha) = y$ in $\mathbb{Z}_p$.

Proof (of Proposition 2.8).
We are looking for $x := (x_k)_k \in \mathbb{Z}_p^\times$ such that

$$f(x_k) = \sum_{j=1}^{t} a_j x_k^{\alpha_j} = \sum_{j=1}^{t} a_{jk} x_k^{\alpha_{jk}} \equiv y_k \pmod{p^k}.$$

We construct it inductively starting from the given $x_1$. The condition $p \nmid x_1$ guarantees that
$x \in \mathbb{Z}_p^\times$. Let $k \in \mathbb{N}$ and assume there is a unique $x_k$ such that $x_k \equiv x_1 \pmod p$ and $f(x_k) \equiv y_k
\pmod{p^k}$. If we denote $a_j := (a_{jk})_k$, $y := (y_k)_k$, we are looking for $x_{k+1}$ such that $f(x_{k+1}) \equiv
y_{k+1} \pmod{p^{k+1}}$. This implies $f(x_{k+1}) \equiv y_k \pmod{p^k}$ and thus $x_{k+1} = x_k + p^k \xi$, where $\xi$ is to
be uniquely determined modulo $p$. We use the same arguments as in the proof of Theorem 1.6.
Since $a_{j(k+1)} \equiv a_{jk} \pmod{p^k}$, $y_{k+1} \equiv y_k \pmod{p^k}$ and $\alpha_{j(k+1)} \equiv \alpha_{jk} \pmod{\varphi(p^k)}$, using the
fact that $f(x_k) \equiv y_k \pmod{p^k}$ there exists $z \in \mathbb{Z}$ such that

$$y_{k+1} - \sum_{j=1}^{t} a_{j(k+1)} x_k^{\alpha_{j(k+1)}} \equiv p^k z \pmod{p^{k+1}}.$$

We obtain, by Newton expansion,

$$\begin{aligned}
f(x_{k+1}) &\equiv \sum_{j=1}^{t} a_{j(k+1)} (x_k + p^k \xi)^{\alpha_{j(k+1)}} \pmod{p^{k+1}} \\
&\equiv \sum_{j=1}^{t} \left( a_{j(k+1)} x_k^{\alpha_{j(k+1)}} + p^k a_{j(k+1)} \alpha_{j(k+1)} x_k^{\alpha_{j(k+1)} - 1} \xi \right) \pmod{p^{k+1}} \\
&\equiv y_{k+1} \pmod{p^{k+1}} \\
\iff p^k z &\equiv p^k \Big( \sum_{j=1}^{t} a_{j(k+1)} \alpha_{j(k+1)} x_k^{\alpha_{j(k+1)} - 1} \Big) \xi \pmod{p^{k+1}} \\
\iff z &\equiv \Big( \sum_{j=1}^{t} a_{j(k+1)} \alpha_{j(k+1)} x_k^{\alpha_{j(k+1)} - 1} \Big) \xi \pmod p.
\end{aligned}$$

Now, by hypothesis, since $\alpha_{j(k+1)} \equiv \alpha_{j2} \pmod p$ for $p \mid \varphi(p^2)$, we conclude:

$$0 \not\equiv \sum_{j=1}^{t} a_j \alpha_{j2} x_1^{\alpha_j - 1} \equiv \sum_{j=1}^{t} a_{j(k+1)} \alpha_{j(k+1)} x_k^{\alpha_{j(k+1)} - 1} \pmod p,$$

and therefore, there exists a unique $\xi$ modulo $p$ that solves the problem. □

Proof, (of Proposition 2.9) The exponential equation g(a) — Ej=i a j x< j — V nas a unique solution 
a G £ p such that a = oei (mod (p — 1)) if and only if the generalized polynomial equation 
/(£) = E*=i a j^ l3j — V nas a unique solution $eZ p x such that £ = £i (mod p) , where £ := b a 
and := , 1 < j < t , for a good basis b for taking logarithms. 
We check the assumption of Proposition 2.8: 

t t 
5>ji&2£f' 1-1 #0 (modp) , £a jl fab? lf)il - 1) ^0 (modp) 

t 

<^=> ^ Oj-i /3 j2 ^ (mod p). 
i=i 

Here we used b^ ai 2= (mod p) since p — 1 f a.\ and 61 is a primitive root modulo p . 
Now, we apply the group homomorphism $e_2$ to $x_{j2} = b_2^{\beta_{j2}}$: $e_2(x_{j2}) \equiv \beta_{j2}\, e_2(b_2) \pmod p$. Moreover,
since $b_2$ is a primitive root mod $p^2$, $e_2(b_2) \not\equiv 0 \pmod p$. Thus

$$\sum_{j=1}^{t} a_{j1} \beta_{j2} x_{j1}^{\alpha_1} \not\equiv 0 \pmod p \iff \sum_{j=1}^{t} a_{j1} e_2(x_{j2}) x_{j1}^{\alpha_1} \not\equiv 0 \pmod p.$$

□ 

We observe that in both propositions, the second assumption on $x_1$ and $\alpha_1$ respectively is the
one that corresponds to the usual $f'(x_1) \not\equiv 0 \pmod p$ in the classical Newton-Hensel lemma.
Here, taking derivatives is not a closed operation (because $\alpha_2 \not\equiv \alpha_1 \pmod p$ but modulo $(p - 1)$)
and the assumption on the second order is the natural replacement of the derivative. Therefore,
both for a generalized polynomial equation $f(x) = \sum_j a_j x^{\alpha_j}$ and for an exponential equation
$g(\alpha) = \sum_j a_j x_j^{\alpha}$, we call the expressions

$$(7) \qquad \Delta_p f(x) := \sum_j a_j \alpha_{j2} x^{\alpha_j - 1} \pmod p \quad\text{and}\quad \Delta_p g(\alpha) := \sum_j a_j e_2(x_{j2}) x_j^{\alpha_1} \pmod p$$

their pseudo-derivatives modulo $p$.
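
The lifting step behind Proposition 2.9, as an added Python example (not code from the paper): it lifts a solution of an exponential equation modulo $p$ to a solution modulo $p^k$, adding one multiple of $\varphi(p^j)$ to the exponent per step. It assumes that $e_2$ is the Fermat quotient $(x^{p-1} - 1)/p \bmod p$, since Definition 1.1 is not reproduced in this section; the function names and the sample equation are constructed for illustration.

```python
def fermat_quotient(x, p):
    """(x^(p-1) - 1)/p mod p for p not dividing x; stands in for e_2 (assumption)."""
    if x % p == 0:
        raise ValueError("x must be a unit modulo p")
    return ((pow(x, p - 1, p * p) - 1) // p) % p


def g_value(coeffs, bases, alpha, modulus):
    """g(alpha) = sum_j a_j * x_j^alpha, reduced modulo `modulus`."""
    return sum(a * pow(x, alpha, modulus) for a, x in zip(coeffs, bases)) % modulus


def pseudo_derivative(coeffs, bases, alpha1, p):
    """Pseudo-derivative of g modulo p: sum_j a_j * e_2(x_j) * x_j^alpha1."""
    return sum(a * fermat_quotient(x, p) * pow(x, alpha1, p)
               for a, x in zip(coeffs, bases)) % p


def lift_exponent(coeffs, bases, y, alpha1, p, k):
    """Lift alpha1 (mod p-1) with g(alpha1) = y (mod p) to the unique alpha
    (mod phi(p^k)) with g(alpha) = y (mod p^k) and alpha = alpha1 (mod p-1)."""
    if g_value(coeffs, bases, alpha1, p) != y % p:
        raise ValueError("alpha1 does not solve the equation modulo p")
    d = pseudo_derivative(coeffs, bases, alpha1, p)
    if d == 0:
        raise ValueError("pseudo-derivative vanishes modulo p: no unique lift")
    d_inv = pow(d, -1, p)
    alpha = alpha1 % (p - 1)
    for j in range(1, k):
        pj, pj1 = p ** j, p ** (j + 1)
        # By induction g(alpha) = y (mod p^j), so the defect is p^j * z.
        defect = (y - g_value(coeffs, bases, alpha, pj1)) % pj1
        z = defect // pj
        # x^(phi(p^j) * xi) = 1 + p^j * e_2(x) * xi (mod p^(j+1)) for odd p,
        # hence g(alpha + phi(p^j) * xi) = g(alpha) + p^j * xi * d (mod p^(j+1)).
        xi = (z * d_inv) % p
        alpha += (p - 1) * p ** (j - 1) * xi
    return alpha


if __name__ == "__main__":
    # Constructed sample: g(alpha) = 2 * 3^alpha + 3 * 2^alpha over Z/7^5 Z.
    p, k = 7, 5
    coeffs, bases, secret = [2, 3], [3, 2], 1234
    y = g_value(coeffs, bases, secret, p ** k)
    print(lift_exponent(coeffs, bases, y, secret % (p - 1), p, k))
```

With a base such as 18 modulo 7, whose Fermat quotient is 0, the pseudo-derivative vanishes and the function refuses to lift, which is the failure that the primitive-root condition of Lemma 2.4 rules out.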

Like the usual Newton-Hensel lemma, Propositions 2.8 and 2.9 generalize to their Implicit Function 
Theorem versions for systems of generalized polynomial and exponential equations in Z p . We set 
a couple of notations. 

Notation 2.10. We fix m,n G N, ti,...,t m G N, and for each 1 < i < m a multivariate 
generalized polynomial equation and a multivariate exponential equation 

fi(xi, . . . ,x n ) := ^afx^ 1 ■■■Xn* and g I (a 1 , . . . , a n ) := ^ af(x^ 1] ) ai ■ ■ ■ (xj m) ) Q ", 
i=i " 3=i 

where G Z p ,a^ G £ p ,x^ G Z*, are given. 

• For a system of m generalized polynomial equations in n unknowns x\, . . . ,x n eZ p x : 

f ( x ) = {fl(xi, ■ ■ ■ ,Xn), ■ ■ ■ , fm{xi, ■ ■ ■ ,X n )), 

we denote by J p f(x) its pseudo-jacobian matrix modulo p: 
( A p /i(xi) ... A p /x(x„) \ 



J P f (x) := 



g (z/pzy 



\ Apf m (xi) ... A p f m (x n ) J 
• For a system of m exponential equations in n unknowns aii, . . . , a n G £ p : 
g( a ) = {9i( a i, ■ ■ ■ 7«ri), • ■ • ,g m (ai, ■ ■ ■ ,a n )), 
we denote by J p g(a) its pseudo-jacobian matrix modulo p : 

(A p gi(o:i) ... A p g 1 (a n ) \ 
: : G (Z/pZ)™*", 

A p 5 m (ai) ... A p g m (a n ) J 
where A p fi(xg) and A p gi(ae) are the corresponding generalizations of Formula (7) : 

A p fi(xt) := J2j a( f a< j^ x e 1 x °\ " ' x " 3 ( mod P) 

A p9i {a t ) := E j afe 2 (x^ ) )(xf 1) r i ---(xf n) r- (modp). 
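Proposition 2.11. For $m \le n$, let $\mathbf{f}(\mathbf{x})$ denote a system of $m$ generalized polynomial equations in
$\mathbb{Z}_p$ in $n$ unknowns $x_1, \dots, x_n \in \mathbb{Z}_p^\times$, and let $\mathbf{y} := (y_1, \dots, y_m) \in \mathbb{Z}_p^m$. Let $\mathbf{x}_1 = (x_{11}, \dots, x_{n1}) \in
\mathbb{Z}^n$, $p \nmid x_{\ell 1}$, $1 \le \ell \le n$, be such that

• $\mathbf{f}(\mathbf{x}_1) \equiv \mathbf{y} \pmod p$,

• $J_p \mathbf{f}(\mathbf{x}_1) \pmod p$ has rank $m$,

then there exists $\mathbf{x} = (x_1, \dots, x_n) \in (\mathbb{Z}_p^\times)^n$ such that $x_\ell = (x_{\ell 1}, \dots)$, $1 \le \ell \le n$, and $\mathbf{f}(\mathbf{x}) = \mathbf{y}$
in $\mathbb{Z}_p$.

Proposition 2.12. For $m \le n$, let $\mathbf{g}(\boldsymbol{\alpha})$ denote a system of $m$ exponential equations in $\mathbb{Z}_p$ in
$n$ unknowns $\alpha_1, \dots, \alpha_n \in \mathcal{E}_p$, and let $\mathbf{y} := (y_1, \dots, y_m) \in \mathbb{Z}_p^m$. Let $\boldsymbol{\alpha}_1 = (\alpha_{11}, \dots, \alpha_{n1}) \in \mathbb{Z}^n$ be
such that

• $\mathbf{g}(\boldsymbol{\alpha}_1) \equiv \mathbf{y} \pmod p$,

• $J_p \mathbf{g}(\boldsymbol{\alpha}_1) \pmod p$ has rank $m$,

then there exists $\boldsymbol{\alpha} = (\alpha_1, \dots, \alpha_n) \in \mathcal{E}_p^n$ such that $\alpha_\ell = (\alpha_{\ell 1}, \dots)$, $1 \le \ell \le n$, and $\mathbf{g}(\boldsymbol{\alpha}) = \mathbf{y}$ in
$\mathbb{Z}_p$.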

We prove here Proposition 2.11 since the other one has exactly the same proof as Proposition 2.9. 
Proof. (Proposition 2.11) We set f(x) = (/i(x), . . . , / m (x)) where 

fi(xi, ...,x n ):=y~] afx^ ■■■Xn' , 1 < i < m. 

3 = 1 

Following the proof of Proposition 2.8, we assume that x^ := (xifc, . . . , x n k) £ Z" is constructed 
such that f(xfe) = y^ (mod p k ) with Xfe = xi (mod p) coordinate-wise. We need x^+i) = 
X£k + P k £t with & to be determined for 1 < £ < n such that f(xfe + i) = yk+i (mod p k+1 ) . By 
assumption, for 1 < i < m , 



W(M-i) - E 4ii + i)^F +1) • • • - V k *i (mod 

3=1 

Now, 

- ES = iaSJUi)n^i(^ 1) (mod/**) 

(it) 

— y-n (*) r-rr" -"^+1) 

+P k ELi (n^,4r i, )4 <1)+1)_1 ^ ] (mod^ 1 ). 

Hence we need to solve 

p** ee /EL 1 [E^i4J + i)4lti)(n^,4 ai, )^ 1) ~ 1 ]^ (mod^+i) 

zi = EL 1 [E^ 1 4i +1) «5;ti ) (n^,4r i, )^ 1) "]^ ( m o dp) 

z « = E"=i A pM x a)£,e (mod p). 

Therefore, since by hypothesis, J p (f(xi)) = (A p fi(xa))u has maximal rank to, the system has 
a solution . . . , £„) modulo p . □ 

Proposition 2.12 yields immediately, as a particular case, another proof of Theorem 2.5: 
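Proof. (Second Proof of Theorem 2.5) Let $b \in \mathbb{Z}_p^\times$ be a good basis for taking logarithms, $a_j :=
b^{\beta_j}$, and consider the exponential system of $2t$ equations in $2t$ unknowns given by: $\mathbf{g}(\boldsymbol{\beta}, \boldsymbol{\alpha}) =
(f_1(\boldsymbol{\beta}, \boldsymbol{\alpha}), \dots, f_{2t}(\boldsymbol{\beta}, \boldsymbol{\alpha}))$ where

$$f_i(\boldsymbol{\beta}, \boldsymbol{\alpha}) = \sum_{j=1}^{t} b^{\beta_j} x_i^{\alpha_j}, \quad 1 \le i \le 2t.$$

By Proposition 2.12, this exponential square system has a solution in $\mathcal{E}_p$ if $\operatorname{Rank} J_p \mathbf{g}(\boldsymbol{\beta}, \boldsymbol{\alpha}) = 2t$,
or equivalently if $\det(J_p \mathbf{g}(\boldsymbol{\beta}, \boldsymbol{\alpha})) \not\equiv 0 \pmod p$. Furthermore, on this hypothesis the solution is
unique. Now,

$$\Delta_p f_i(\beta_\ell) = e_2(b_2)\, b^{\beta_\ell} x_i^{\alpha_\ell} = a_\ell\, e_2(b_2)\, x_i^{\alpha_\ell} \quad\text{and}\quad \Delta_p f_i(\alpha_\ell) = e_2(x_{i2})\, b^{\beta_\ell} x_i^{\alpha_\ell} = a_\ell\, e_2(x_{i2})\, x_i^{\alpha_\ell}.$$

Therefore, since $b_2$ is a primitive root mod $p^2$, $e_2(b_2) \not\equiv 0 \pmod p$,

$$\det\begin{pmatrix} a_1 e_2(b_2) x_1^{\alpha_1} & \cdots & a_t e_2(b_2) x_1^{\alpha_t} & a_1 e_2(x_{12}) x_1^{\alpha_1} & \cdots & a_t e_2(x_{12}) x_1^{\alpha_t} \\ \vdots & & \vdots & \vdots & & \vdots \\ a_1 e_2(b_2) x_{2t}^{\alpha_1} & \cdots & a_t e_2(b_2) x_{2t}^{\alpha_t} & a_1 e_2(x_{(2t)2}) x_{2t}^{\alpha_1} & \cdots & a_t e_2(x_{(2t)2}) x_{2t}^{\alpha_t} \end{pmatrix}$$

$$= a_1 \cdots a_t\, e_2(b_2)^t \det\begin{pmatrix} x_1^{\alpha_1} & \cdots & x_1^{\alpha_t} & a_1 e_2(x_{12}) x_1^{\alpha_1} & \cdots & a_t e_2(x_{12}) x_1^{\alpha_t} \\ \vdots & & \vdots & \vdots & & \vdots \\ x_{2t}^{\alpha_1} & \cdots & x_{2t}^{\alpha_t} & a_1 e_2(x_{(2t)2}) x_{2t}^{\alpha_1} & \cdots & a_t e_2(x_{(2t)2}) x_{2t}^{\alpha_t} \end{pmatrix} \not\equiv 0 \pmod p$$

by hypothesis.

□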



3. Sparse interpolation 



A polynomial $f = \sum_{j \ge 0} a_j x^j \in A[x]$, with $A$ an arbitrary ring, is usually called a sparse polynomial
or a fewnomial if we focus on its number of non-zero terms, i.e. the number of $j$'s s.t. $a_j \ne 0$.
If it has at most $t$ non-zero terms, i.e. $f = \sum_{j=1}^{t} a_j x^{\alpha_j}$, $f$ is called a $t$-sparse polynomial. Here
we choose to name such a fewnomial a $t$-nomial to avoid confusion with the other usual notions
of sparsity. Also we refer to a polynomial with exactly $t$ non-zero terms as an exact $t$-nomial.
As mentioned in the introduction, any univariate $t$-nomial in $\mathbb{C}[x]$ is uniquely determined by its
value in $2t$ different positive values in $\mathbb{R}$, and in [BeTi88], M. Ben-Or and P. Tiwari produced a
beautiful deterministic algorithm that recovers such a $t$-nomial $f \in \mathbb{C}[x]$ from its value in the $2t$
interpolation points $x_1 := 1$, $x_2 := a$, $x_3 := a^2$, ..., $x_{2t} := a^{2t-1}$, where $a$ is not a root of unity
of small order.

Furthermore, their algorithm works for an $n$-multivariate $t$-nomial $f \in \mathbb{C}[x_1, \dots, x_n]$, using as
input interpolation points

$$\mathbf{x}_1 := (1, \dots, 1), \quad \mathbf{x}_2 := (p_1, \dots, p_n), \quad \mathbf{x}_3 := (p_1^2, \dots, p_n^2), \quad \dots, \quad \mathbf{x}_{2t} := (p_1^{2t-1}, \dots, p_n^{2t-1}),$$

where $p_1, \dots, p_n$ are different integer prime numbers. The number of arithmetic operations in $\mathbb{C}$
it performs equals $t^2(\log t + \log(nd))$ where $\log$ denotes the base 2 logarithm. In case the $t$-nomial
has integer coefficients, the bit size of the algorithm is also polynomial in the maximal bit size $h$
of the coefficients of $f$.

A lot of work has been done in sparse polynomial and rational interpolation, in different bases 
of monomials and models. Let us mention again here some of these, mostly for polynomial in- 
terpolation in the standard monomial basis and the black box model, meaning you are allowed 
to choose your interpolation starting points: the work of M. Ben-Or and P. Tiwari in [BeTi88], 
of R.E. Zippel in [Zip90], of A. Borodin and P. Tiwari in [BoTi91], the series of papers of D. 
Grigoriev, M. Karpinski and M. Singer in [GKS90] on finite fields, as well as [CDGK91], the con- 
ceptually unifying paper [GKS91] following [DrGr91], and [GKS94] on rational interpolation. Also 
[KaLa88, KLW90, KLL00, Lee01, KaLe03] that improve the Ben-Or-Tiwari algorithm in different
ways (producing probabilistic algorithms that reduce the explosion of size of intermediate integers
or get rid of the assumption that a bound $t$ for the number of terms is known).

First let us mention a result that holds when the black-box representation of the polynomial is in
fact a straight-line program, that is a program of evaluation that allows constants, and the $+$,
$-$ and $*$ operations. This result does not seem to appear in the literature although it should be
naturally contained in [GKS91]. The proof we present here is the fruit of a discussion with Michael
Singer. It is based on the fact that taking derivatives linearizes exponents, the same effect as
the $e_p$ "logarithmic" map we used in the $p$-adic context, and works for straight-line programs
because of the Baur and Strassen derivative inequality [BCS97, (7.7)].

Theorem 3.1. There is a deterministic algorithm that takes as input a straight-line program of
length $L$ representing a $t$-nomial $f \in \mathbb{C}[x]$ and returns (the monomial expansion of) $f$. The
complexity of the algorithm is of order $O(t^4 L)$.



Proof. For $f = \sum_{j=1}^{t} a_j x^{\alpha_j} \in \mathbb{C}[x]$ we set $Df(x) := x f'(x)$ so that $D(x^\alpha) = \alpha x^\alpha$, the $k$-iteration
$D^{(k)}(x^\alpha) = \alpha^k x^\alpha$, and finally for $k \in \mathbb{N}$, $D^{(k)} f = \sum_j a_j \alpha_j^k x^{\alpha_j}$.

Since $f$ is represented by a straight-line program of length $L$, $\{D^{(k)} f, 0 \le k \le t\}$ are given by
$t + 1$ straight-line programs of length $O(L)$, that can all be constructed from the straight-line
program for $f$ in time $O(tL)$ [BCS97, (7.7)].

We fix different positive $x_1, \dots, x_t \in \mathbb{R}$ and we construct the matrix

$$C(f) := \begin{pmatrix} f(x_1) & \cdots & f(x_t) \\ Df(x_1) & \cdots & Df(x_t) \\ \vdots & & \vdots \\ D^{(t-1)} f(x_1) & \cdots & D^{(t-1)} f(x_t) \end{pmatrix} \in \mathbb{C}^{t \times t}$$

and observe that $C(f) = V(f) A(f) W(f)$, where



( «? 



V(f) ■= 



a 



t-i 



A(f) ■= 



( «i 



V 



at ) 



, W{f) := 



Therefore the rank of $C(f)$ gives the exact number of non-zero coefficients $a_j$ and we can assume
$f$ is an exact $t$-nomial, so that $C(f)$ is invertible.
Now we observe that if we set $g := Df = \sum_{j=1}^{t} a_j \alpha_j x^{\alpha_j}$ then $C(g) = V(g) A(g) W(g)$ where
$V(g) = V(f)$, $W(g) = W(f)$ and $A(g)$ is the diagonal matrix with diagonal terms $a_j \alpha_j$. Therefore

$$C(g) C(f)^{-1} = V(f) \begin{pmatrix} \alpha_1 & & \\ & \ddots & \\ & & \alpha_t \end{pmatrix} V(f)^{-1},$$

and to compute the exponents $\alpha_j$, $1 \le j \le t$, it is enough to compute the characteristic polynomial
of $C(g) C(f)^{-1}$ and its (integer) roots. The coefficients are then recovered by solving a linear
system. □



In the next section we investigate univariate fewnomials over finite fields, in particular in $(\mathbb{Z}/p\mathbb{Z})[x]$,
and over the finite rings $\mathbb{Z}/p^k\mathbb{Z}$, where $p$ is an odd prime number.
We then switch to univariate integer polynomials, trying to produce an answer to the question
raised by Ben-Or and Tiwari on how to interpolate a $t$-nomial in $\mathbb{Z}[x]$ from $2t$ arbitrary different
real positive values.

In the sequel we denote by $\deg f$ the degree of a non-zero polynomial $f \in A[x]$, $A$ a ring, and
by $h(f)$ its binary length when $A = \mathbb{Z}$, i.e. the maximum (base 2) logarithm $\log$ of the absolute
value of its coefficients.

3.1. Fewnomial interpolation in $(\mathbb{Z}/p\mathbb{Z})[x]$ and $(\mathbb{Z}/p^k\mathbb{Z})[x]$.

Here we impose conditions on the exponents of the polynomial, since for example, every $x \in
\mathbb{Z}/p\mathbb{Z}$ is a root of the binomial $f = x^p - x$. We first recall the proof of a well-known result
(see for instance [CDGK91, Th 4.2] for a more general context): any $t$-nomial of degree strictly
bounded by $p - 1$ in $(\mathbb{Z}/p\mathbb{Z})[x]$ is uniquely determined by its values in $2t$ points of the form
$x_i = \rho^{i-1}$ for $1 \le i \le 2t$, where $\rho$ is a primitive root modulo $p$. (Of course this statement makes
sense only if $t$ is small with respect to $p$, i.e. if $2t < p - 2$, since if not standard interpolation
suffices.) In some sense this statement is analogous to that of a $t$-nomial in $\mathbb{C}[x]$ being
uniquely determined by its value in $2t$ positive points. This condition cannot be arbitrarily
relaxed since for example a binomial modulo 7 of degree $< 6$ is not uniquely determined by its
values in 1, 2, 3 and 4: $f = x^4 + 3$ and $g = 3x^3 + x$ coincide modulo 7 but are different (observe
that in this example we may take $\rho = 3$, and therefore 1, 3, 2 and 6 are good interpolation
points: $f(6) \ne g(6)$).

Observation 3.2. Let $p$ be a prime number and $\rho \in \mathbb{Z}$ be a primitive root modulo $p$. Let
$f = \sum_{j=1}^{t} a_j x^{\alpha_j} \in (\mathbb{Z}/p\mathbb{Z})[x]$ be a $t$-nomial satisfying that for $j \ne \ell$, $\alpha_j \not\equiv \alpha_\ell \pmod{(p - 1)}$.
Then $f(\rho^i) = 0$ for $0 \le i \le t - 1$ implies $f = 0$.

Proof. We have

$$\begin{pmatrix} 1^{\alpha_1} & \cdots & 1^{\alpha_t} \\ \rho^{\alpha_1} & \cdots & \rho^{\alpha_t} \\ \vdots & & \vdots \\ \rho^{(t-1)\alpha_1} & \cdots & \rho^{(t-1)\alpha_t} \end{pmatrix} \begin{pmatrix} a_1 \\ \vdots \\ a_t \end{pmatrix} = 0.$$

But the Vandermonde determinant of the left-hand side matrix

$$\prod_{1 \le j < \ell \le t} (\rho^{\alpha_\ell} - \rho^{\alpha_j})$$

does not vanish modulo $p$ since $\rho$ is a primitive root modulo $p$ and $p - 1 \nmid \alpha_\ell - \alpha_j$. Thus the
unique solution of the system is $a_j = 0$ for $1 \le j \le t$. □

Corollary 3.3. Set $p$ a prime number. A $t$-nomial in $(\mathbb{Z}/p\mathbb{Z})[x]$ of degree strictly bounded by
$p - 1$ is uniquely determined by its values at $\rho^i$, $0 \le i \le 2t - 1$, where $\rho$ is a primitive root
modulo $p$.

Proof. Let $f := \sum_{j=0}^{p-2} a_j x^j$, $g := \sum_{j=0}^{p-2} b_j x^j$ be two $t$-nomials in $(\mathbb{Z}/p\mathbb{Z})[x]$ such that $f(\rho^i) =
g(\rho^i)$, $0 \le i \le 2t - 1$. Then $h := \sum_{j=0}^{p-2} (a_j - b_j) x^j$ is a $2t$-nomial modulo $p$ that satisfies
$h(\rho^i) \equiv 0 \pmod p$ for $0 \le i \le 2t - 1$, and we apply the previous observation. □

In the paper mentioned above, M. Ben-Or and P. Tiwari raised the problem of generalizing their
procedure for finite fields. As a partial answer, it is straightforward that the determination of the
unique $t$-nomial in $(\mathbb{Z}/p\mathbb{Z})[x]$ of degree strictly bounded by $p - 1$ and with prescribed values in
$1, \rho, \dots, \rho^{2t-1}$ (when it exists) can be easily done copying their algorithm for this case. This
gives an alternative simple proof in this particular case of the multivariate result of [CDGK91, Th.
4.2].
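Algorithm 3.4. (Ben-Or/Tiwari)

Set $p$ a prime number and $\rho \in \mathbb{Z}$ a primitive root modulo $p$. Let $f \in (\mathbb{Z}/p\mathbb{Z})[x]$ be a $t$-nomial
of degree strictly bounded by $p - 1$. Then there is a deterministic algorithm that takes as inputs
the values $y_1 := f(1), y_2 := f(\rho), \dots, y_{2t} := f(\rho^{2t-1})$ and returns $f$. The binary running time of
the algorithm equals $O((t^2 + p) \log p)$.

Proof. The proof copies [BeTi88]. Let $f = \sum_{j=1}^{t} a_j x^{\alpha_j} \in (\mathbb{Z}/p\mathbb{Z})[x]$, $0 \le \alpha_j \le p - 2$. The
algorithm first computes the exact number $\bar{t}$ of terms of $f$, then it determines the exponents
$\alpha_1, \dots, \alpha_{\bar{t}}$ associated to non-zero coefficients and finally it recovers the coefficients $a_1, \dots, a_{\bar{t}}$.

Let us first assume that $\bar{t} = t$. The core of the procedure is the same previous fact that since $\rho$
is a primitive root modulo $p$, $\rho^\alpha \ne \rho^\beta$ in $\mathbb{Z}/p\mathbb{Z}$ for $0 \le \alpha \ne \beta \le p - 2$.

As in [BeTi88], we construct a polynomial $F \in (\mathbb{Z}/p\mathbb{Z})[X]$ of degree $t$ whose roots are exactly
$\rho^{\alpha_j}$, and then we recover $\alpha_j$, $1 \le j \le t$, by simple inspection.

The polynomial $F = \prod_{j=1}^{t} (X - \rho^{\alpha_j}) = \sum_{k=0}^{t} b_k X^k$, $b_t = 1$, is constructed in the following way:
For $0 \le \ell \le t - 1$, $1 \le j \le t$:

$$0 = a_j \rho^{\alpha_j \ell} F(\rho^{\alpha_j}) = a_j \left( b_0 \rho^{\alpha_j \ell} + b_1 \rho^{\alpha_j (\ell+1)} + \cdots + b_t \rho^{\alpha_j (\ell+t)} \right).$$

Summing over $j$,

$$\begin{aligned}
0 &= b_0 \sum_{j=1}^{t} a_j \rho^{\alpha_j \ell} + b_1 \sum_{j=1}^{t} a_j \rho^{\alpha_j (\ell+1)} + \cdots + b_t \sum_{j=1}^{t} a_j \rho^{\alpha_j (\ell+t)} \\
&= b_0 f(\rho^{\ell}) + b_1 f(\rho^{\ell+1}) + \cdots + b_{t-1} f(\rho^{\ell+t-1}) + f(\rho^{\ell+t}) \\
&= b_0 y_{\ell+1} + \cdots + b_{t-1} y_{\ell+t} + y_{\ell+t+1}.
\end{aligned}$$

This yields the following system

$$\begin{pmatrix} y_1 & \cdots & y_t \\ \vdots & & \vdots \\ y_t & \cdots & y_{2t-1} \end{pmatrix} \begin{pmatrix} b_0 \\ \vdots \\ b_{t-1} \end{pmatrix} = - \begin{pmatrix} y_{t+1} \\ \vdots \\ y_{2t} \end{pmatrix}$$

which is clearly solvable since

$$\begin{pmatrix} y_1 & \cdots & y_t \\ \vdots & & \vdots \\ y_t & \cdots & y_{2t-1} \end{pmatrix} = \begin{pmatrix} 1 & \cdots & 1 \\ \vdots & & \vdots \\ \rho^{\alpha_1 (t-1)} & \cdots & \rho^{\alpha_t (t-1)} \end{pmatrix} \begin{pmatrix} a_1 & & \\ & \ddots & \\ & & a_t \end{pmatrix} \begin{pmatrix} 1 & \cdots & \rho^{\alpha_1 (t-1)} \\ \vdots & & \vdots \\ 1 & \cdots & \rho^{\alpha_t (t-1)} \end{pmatrix}$$

whose determinant $a_1 \cdots a_t \prod_{1 \le i < j \le t} (\rho^{\alpha_j} - \rho^{\alpha_i})^2 \not\equiv 0 \pmod p$.

Now it is easy to recover $a_1, \dots, a_t$ by solving the Vandermonde system: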
When the exact number of terms $\bar{t}$ is not known, but bounded by $t$, we compute it by
considering for $1 \le \ell \le t$ the matrices $V_\ell$

that satisfy that $\det(V_\ell) = 0$ for all $\bar{t} < \ell \le t$ while $\det(V_{\bar{t}}) \ne 0$ in $\mathbb{Z}/p\mathbb{Z}$. Thus, computing $\bar{t}$ is
equivalent here to computing the rank of the matrix $V_t$.

Let us check the complexity of this algorithm: all integers are bounded by $p$, and $t < p$. As
in [BeTi88], computing the exact number $\bar{t}$ of terms of the $t$-nomial requires $O(t^2 \log p)$ binary
operations, and bounds the complexity of solving the linear system to determine the polynomial
$F$. The simplest way of computing the exponents $\alpha_j$, $1 \le j \le t$, of $f$ seems to be by simple
inspection: computing $\rho^i$, $1 \le i \le p - 2$, and checking which of those are roots of $F$. This takes
$O(p \log p)$ steps. Finally recovering the coefficients does not modify the overall complexity. □
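
Algorithm 3.4 carried through end to end, as an added Python example (not the authors' code): it finds the exact number of terms from the largest invertible Hankel matrix, solves for the auxiliary polynomial, locates its roots among the powers of the primitive root, and recovers the coefficients from the Vandermonde system. The function names are illustrative; the sample inputs in the demo are the binomials $x^4 + 3$ and $3x^3 + x$ modulo 7 from the text above, evaluated at 1, 3, 2, 6.

```python
def solve_mod_p(matrix, rhs, p):
    """Gauss-Jordan elimination over Z/pZ; returns the unique solution,
    or None when the matrix is singular modulo p."""
    n = len(matrix)
    aug = [[v % p for v in row] + [r % p] for row, r in zip(matrix, rhs)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, p)
        aug[col] = [v * inv % p for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                factor = aug[r][col]
                aug[r] = [(v - factor * w) % p for v, w in zip(aug[r], aug[col])]
    return [row[n] for row in aug]


def is_primitive_root(rho, p):
    """True when the multiplicative order of rho modulo the prime p is p - 1."""
    value, order = rho % p, 1
    if value == 0:
        return False
    while value != 1:
        value = value * rho % p
        order += 1
    return order == p - 1


def ben_or_tiwari_mod_p(values, rho, p):
    """values[i] = f(rho^i) mod p for i = 0..2t-1, f a t-nomial of degree < p - 1.
    Returns f as a dict {exponent: coefficient}."""
    if not is_primitive_root(rho, p):
        raise ValueError("rho must be a primitive root modulo p")
    if len(values) % 2:
        raise ValueError("an even number 2t of values is required")
    y = [v % p for v in values]
    t = len(y) // 2
    # Exact number of terms: the largest l whose l x l Hankel matrix is invertible.
    b, terms = None, 0
    for size in range(t, 0, -1):
        hankel = [[y[i + j] for j in range(size)] for i in range(size)]
        b = solve_mod_p(hankel, [-y[i + size] for i in range(size)], p)
        if b is not None:
            terms = size
            break
    if b is None:
        if any(y):
            raise ValueError("values do not come from a t-nomial of degree < p - 1")
        return {}
    b.append(1)  # F is monic: b_t = 1
    # Exponents by inspection: test every power rho^e as a root of F.
    exponents, roots, power = [], [], 1
    for e in range(p - 1):
        if sum(c * pow(power, k, p) for k, c in enumerate(b)) % p == 0:
            exponents.append(e)
            roots.append(power)
        power = power * rho % p
    if len(exponents) != terms:
        raise ValueError("values do not come from a t-nomial of degree < p - 1")
    # Coefficients from the Vandermonde system sum_j a_j * root_j^i = y_i.
    vandermonde = [[pow(r, i, p) for r in roots] for i in range(terms)]
    coeffs = solve_mod_p(vandermonde, y[:terms], p)
    result = dict(zip(exponents, coeffs))
    # Consistency check against all 2t supplied values.
    for i, v in enumerate(y):
        x = pow(rho, i, p)
        if sum(a * pow(x, e, p) for e, a in result.items()) % p != v:
            raise ValueError("values do not come from a t-nomial of degree < p - 1")
    return result


if __name__ == "__main__":
    print(ben_or_tiwari_mod_p([4, 0, 5, 4], 3, 7))  # values of x^4 + 3
    print(ben_or_tiwari_mod_p([4, 0, 5, 3], 3, 7))  # values of 3x^3 + x
```

The two inputs differ only in the value at 6, which is exactly the point where the two binomials of the example disagree.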

Corollary 3.5. An analogous algorithm holds in a finite field $\mathbb{F}_q$ for $q = p^n$, since the multiplicative
group of a finite field is cyclic of order $q - 1$. Any $t$-nomial in $\mathbb{F}_q[x]$ of degree strictly
bounded by $q - 1$ can be recovered from its values in the interpolation points $\rho^i$, $0 \le i \le 2t - 1$,
where $\rho$ is a generator of the field $\mathbb{F}_q$ over $\mathbb{Z}/p\mathbb{Z}$.

Now we turn to polynomials with coefficients in the ring $\mathbb{Z}/p^k\mathbb{Z}$, where all usual arguments fail
for it is not even a domain. However combining Theorem 1.6 and Algorithm 3.4, we are able to
obtain some results for $p$ an odd prime number and $k \in \mathbb{N}$, $k > 2$. We introduce for polynomials
in $(\mathbb{Z}/p^k\mathbb{Z})[x]$ the analogue of Definition 1.9:

Definition 3.6. Let $p$ be an odd prime number and $k \in \mathbb{N}$. We say that a polynomial $f =
\sum_j a_j x^{\alpha_j} \in (\mathbb{Z}/p^k\mathbb{Z})[x]$ with $a_j \ne 0$, $\forall j$, reduces well modulo $p$ if $p \nmid a_j$ for any $j$, and
$p - 1 \nmid \alpha_j - \alpha_\ell$ for any $j \ne \ell$.

Corollary 3.7. Set $p$ an odd prime number and $k \in \mathbb{N}$ with $k > 2$. A $t$-nomial in $(\mathbb{Z}/p^k\mathbb{Z})[x]$
of degree strictly bounded by $\varphi(p^k)$ that reduces well modulo $p$ is uniquely determined by its values
at $\rho^i$, $0 \le i \le 2t - 1$, where $\rho$ is a primitive root mod $p^2$.

Proof. Let / = Y?j=i ajX aj+{ - p ~ 1S)kj £ (Z/p k Z)[x] be such a i-nomial, where aj ^ (modp) 
and < aj < p — 1 arc all distinct since / reduces well modulo p . Since p is also a primitive 
root modulo p, by Corollary 3.3, J2j o-j xaj £ (2/p2)[x] is the unique (exact) t -nomial of degree 
bounded by p — 1 with the prescribed values in p % , < i < 2t — 1 . Applying Theorem 1.6, since 
{p%0 < i < It — 1} is a good starting set (Proposition 1.14), there exists a unique g such that 
g{p l ) = f{p l ) (mod p k ) , < i < 2t — 1 , under the condition that the coefficients coincide modulo 
p k and the exponents mod(p(p k ) . Therefore, since / is such a polynomial, / £ (7Ljp k 7L)\x\ is the 
unique t -nomial of degree bounded by (fi(p k ) that reduces well modulo p. □ 

Algorithm 3.8. Set $p$ an odd prime number, $\rho \in \mathbb{Z}$ a primitive root mod $p^2$ and $k \in \mathbb{N}$ with $k > 2$. Let $f \in (\mathbb{Z}/p^k\mathbb{Z})[x]$ be a $t$-nomial of degree strictly bounded by $\varphi(p^k)$ that reduces well modulo $p$. Then there is a deterministic algorithm that takes as inputs the values $y_1 := f(1)$, $y_2 := f(\rho)$, $\dots$, $y_{2t} := f(\rho^{2t-1})$ in $\mathbb{Z}/p^k\mathbb{Z}$ and returns $f$. The binary running time of the algorithm is of order $O(t^3 k^2 \log^2 p + p \log p)$.

Proof. We first apply Algorithm 3.4 to compute the unique exact $t$-nomial $f_0 \in (\mathbb{Z}/p\mathbb{Z})[x]$ of degree strictly bounded by $p - 1$ such that $f_0(\rho^{i-1}) \equiv y_i \pmod p$ for $0 \le i \le 2t - 1$. Then we apply Theorem 1.6 to lift $f_0$ to $f$.



Vt ■■= 



V Vi 



Vii-\ ) 
Now we check the complexity of the algorithm. First we reduce $y_i$ and $\rho^{i-1}$ (mod $p$), $1 \le i \le 2t$, to construct $f_0$. This takes $O(t k \log p + (t^2 + p) \log p)$ binary operations. Next, there are at most $\log \log \varphi(p^k) = O(\log k + \log \log p)$ lifting steps, each of them solves a system of size $2t$ with entries bounded by $p^k$, that takes $O((\log k + \log \log p)\, t^3 k \log p)$ binary operations. The overall complexity is then of order $O(t^3 k \log k \log p + t^3 k \log p \log \log p + p \log p)$. □

A final observation for this section is that, with the same proof as that of Corollary 3.7, Proposition 1.10 can be reformulated as follows:

Corollary 3.9. Set $p$ an odd prime number. Let $f = \sum_j a_j x^{\alpha_j}$, $g = \sum_\ell b_\ell x^{\beta_\ell} \in \mathbb{Z}[x]$ be two polynomials that reduce well modulo $p$. Then, for any $k \in \mathbb{N}$, the three following conditions are equivalent:

• $f$ and $g$ have the same number $t$ of non-zero terms, and up to an index permutation, $a_j \equiv b_j \pmod{p^k}$ and $\alpha_j \equiv \beta_j \pmod{\varphi(p^k)}$.

• $f(x) \equiv g(x) \pmod{p^k}$ for all $x \in \mathbb{Z}$ prime to $p$.

• $f(\rho^{i-1}) \equiv g(\rho^{i-1}) \pmod{p^k}$ for $1 \le i \le 2t$ and $\rho \in \mathbb{Z}$ a primitive root modulo $p^2$.
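The following Python sketch is an added illustration, not code from the paper: it checks Definition 3.6 and compares the first and third conditions of Corollary 3.9 on polynomials stored as `{exponent: coefficient}` dictionaries. All function names are assumptions made here, and the primitive root is found by brute force, which is only sensible for small $p$.

```python
from math import gcd

def reduces_well(terms, p):
    """Definition 3.6 for terms = {exponent: coefficient}: p divides no
    coefficient and the exponents are pairwise distinct modulo p - 1."""
    residues = {e % (p - 1) for e in terms}
    return all(c % p for c in terms.values()) and len(residues) == len(terms)

def primitive_root_mod_p2(p):
    """Smallest rho whose order in (Z/p^2 Z)* is phi(p^2) = p(p - 1)."""
    n, phi = p * p, p * (p - 1)
    prime_factors = {q for q in range(2, phi + 1) if phi % q == 0
                     and all(q % r for r in range(2, int(q ** 0.5) + 1))}
    for rho in range(2, n):
        if gcd(rho, p) == 1 and all(pow(rho, phi // q, n) != 1
                                    for q in prime_factors):
            return rho
    raise ValueError("no primitive root found; is p an odd prime?")

def normal_form(terms, p, k):
    """First condition: coefficients mod p^k, exponents mod phi(p^k)."""
    pk, phi = p ** k, p ** (k - 1) * (p - 1)
    out = {}
    for e, c in terms.items():
        out[e % phi] = (out.get(e % phi, 0) + c) % pk
    return {e: c for e, c in out.items() if c}

def agree_on_test_points(f, g, p, k):
    """Third condition: equal values mod p^k at rho^(i-1), 1 <= i <= 2t."""
    pk, rho, t = p ** k, primitive_root_mod_p2(p), max(len(f), len(g))
    ev = lambda terms, x: sum(c * pow(x, e, pk) for e, c in terms.items()) % pk
    return all(ev(f, pow(rho, i, pk)) == ev(g, pow(rho, i, pk))
               for i in range(2 * t))

# Constructed sample data for p = 5, k = 3 (p^k = 125, phi(p^k) = 100).
F = {7: 3, 2: 2, 1: -1}
G = {107: 128, 202: 2, 1: 124}   # same coefficients mod 125, exponents mod 100
H = {11: 3, 2: 2, 1: -1}         # exponent 7 shifted by p - 1 only
```

`F` and `H` take the same values modulo 5 at every point prime to 5 but are told apart modulo 125, which is why the exponents have to be lifted together with the coefficients.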

For the previous results we used the fact that for $\rho \in \mathbb{Z}$ a primitive root modulo $p^2$, $\{1, \rho, \dots, \rho^{2t-1}\}$ is a good starting set (of type (1) of Proposition 1.14). For good starting sets of type (2), for instance $\{1, \rho, \dots, \rho^{t-1}, p + 1, p + \rho, \dots, p + \rho^{t-1}\}$ for $\rho \in \mathbb{Z}$ a primitive root modulo $p$, we do not have analogues of Corollary 3.3 and Algorithm 3.4, and the best we can obtain are the following statements:

Corollary 3.10. Set $p$ an odd prime number and $k \in \mathbb{N}$, $k > 2$. A $t$-nomial in $(\mathbb{Z}/p^k\mathbb{Z})[x]$ of degree strictly bounded by $\varphi(p^k)$ that reduces well modulo $p$ is uniquely determined by its values in $\{1, \dots, p - 1, p + 1, \dots, 2p - 1\}$.

Proof. This is simply due to the fact that the first $p - 1$ points decide which is the $t$-nomial modulo $p$ and then we apply Theorem 1.6 for the over-constrained compatible system we have, using that the given set contains a good starting set of type (2). □

Algorithm 3.11. Set $p$ an odd prime number and $k \in \mathbb{N}$, $k > 2$. Let $f \in (\mathbb{Z}/p^k\mathbb{Z})[x]$ be a $t$-nomial of degree strictly bounded by $\varphi(p^k)$ that reduces well modulo $p$. Then there is a deterministic algorithm that takes as inputs the values $f(1), \dots, f(p - 1), f(p + 1), \dots, f(2p - 1)$ in $\mathbb{Z}/p^k\mathbb{Z}$ and returns $f$. The binary running time of the algorithm is of order 0(p' i k log k) .

Corollary 3.12. Set $p$ an odd prime number. Let $f = \sum_j a_j x^{\alpha_j}$, $g = \sum_\ell b_\ell x^{\beta_\ell} \in \mathbb{Z}[x]$ be two polynomials that reduce well modulo $p$. Then, for any $k \in \mathbb{N}$, the three following conditions are equivalent:

• $f$ and $g$ have the same number $t$ of non-zero terms, and up to an index permutation, $a_j \equiv b_j \pmod{p^k}$ and $\alpha_j \equiv \beta_j \pmod{\varphi(p^k)}$.

• $f(x) \equiv g(x) \pmod{p^k}$ for all $x \in \mathbb{Z}$ prime to $p$.

• $f(i) \equiv g(i) \pmod{p^k}$ for $1 \le i \le p - 1$ and $p + 1 \le i \le 2p - 1$.

3.2. Fewnomial interpolation in $\mathbb{Z}[x]$.

In their paper, M. Ben-Or and P. Tiwari also raised the problem of producing an algorithm that interpolates a $t$-nomial in $\mathbb{C}[x]$ from $2t$ arbitrary different real positive values. Here we restrict to polynomials in $\mathbb{Z}[x]$. On one hand we observe that applying a bound by A. Borodin and P. Tiwari [BoTi91, Thm.4.3] we can restrict ourselves to $t + 1$ interpolation points, $t$ of them being almost arbitrary, but the last one imposed and huge. On the other hand, Theorem 1.6 enables us to reduce the size of the starting interpolation points for $t$-nomials in $\mathbb{Z}[x]$ that reduce well mod $p$ for some small enough prime number $p$.
Theorem 3.13. ([BoTi91, Thm.4.3])

Let $f \in \mathbb{Z}[x]$ be a $t$-nomial, and $(x_i, y_i) \in \mathbb{Z}^2$, $1 \le i \le t$, that satisfy that $x_i > 2$ and $f(x_i) = y_i$ for $1 \le i \le t$. Then

$$\deg f < \max_i \log x_i + t^2 \max_i \log y_i + 2.$$

This bound for the degree of such a $t$-nomial $f$ in terms of the height of its evaluation points immediately yields a bound for the height $h(f)$ of $f$:

Corollary 3.14. Let $f \in \mathbb{Z}[x]$ be a $t$-nomial, and $(x_i, y_i) \in \mathbb{Z}^2$, $1 \le i \le t$, that satisfy that $x_i > 2$ and $f(x_i) = y_i$ for $1 \le i \le t$. Then

$$h(f) < \max_i \log |y_i| + 2t\,(\log t + \max_i \log x_i) + t \max_i \log^2 x_i + t^3 \max_i \log x_i \, \max_i \log |y_i|.$$

Proof. Set $D := \max_i \log x_i + t^2 \max_i \log y_i + 2$. As $f = \sum_j a_j x^{\alpha_j}$ where $\alpha_j < D$, when solving the linear system induced by $f(x_i) = y_i$ for $1 \le i \le t$, we deal with an integer matrix of size $t$ and entries of absolute height bounded by $H := t \max_i x_i^{D}$ and a vector with entries of absolute height bounded by $\max_i |y_i|$. Applying Cramer's rule and the fact that $a_i \in \mathbb{Z}$, we obtain $|a_i| < t!\, H^{t-1} \max_i |y_i|$. This gives the announced bound. □

Now we remark that an a priori bound for the height of a $t$-nomial $f \in \mathbb{Z}[x]$ immediately yields the polynomial by interpolation in one single huge value:

Observation 3.15. Let $f \in \mathbb{Z}[x]$ be a $t$-nomial and let $H$ be a bound for the maximum absolute value of the coefficients of $f$.

Then, for any odd number $\tilde{H} > 2H + 1$, there is a deterministic algorithm that takes as input the value $f(\tilde{H})$ and returns the $t$-nomial $f$ in $\mathbb{Z}[x]$.

The binary running time of the algorithm is polynomial in $t$, $\log(\tilde{H})$ and $\log(f(\tilde{H}))$.

Proof. It is enough to write $f(\tilde{H}) = \sum_{i \ge 0} a_i \tilde{H}^{i}$ in base $\tilde{H}$ with coefficients in $\left[-\frac{\tilde{H}-1}{2}, \frac{\tilde{H}-1}{2}\right]$ to recover the exponents and coefficients of $f$ by simple inspection. □
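As an added illustration of the proof above (this code is not from the paper, and the function names are assumptions), the balanced base-$\tilde{H}$ expansion can be carried out digit by digit. The sketch also shows the failure mode: when a coefficient exceeds the bound, the expansion still returns a polynomial with the same value at the evaluation point, but it is no longer $f$.

```python
def recover_from_single_value(value, base):
    """Read off the terms of f from value = f(base).

    Assumes `base` is odd and every coefficient c of f satisfies
    |c| <= (base - 1) / 2, so each balanced digit is one coefficient.
    Returns {exponent: coefficient} for the non-zero terms.
    """
    if base < 3 or base % 2 == 0:
        raise ValueError("base must be an odd integer >= 3")
    half = (base - 1) // 2
    terms, exponent = {}, 0
    while value != 0:
        digit = value % base              # 0 <= digit < base, also for value < 0
        if digit > half:                  # move into the range [-half, half]
            digit -= base
        if digit:
            terms[exponent] = digit
        value = (value - digit) // base   # exact division
        exponent += 1
    return terms


def evaluate(terms, x):
    """Value at x of the polynomial given as {exponent: coefficient}."""
    return sum(c * x ** e for e, c in terms.items())


# Constructed sample: coefficients bounded by H = 7, evaluated at the odd point 17.
SAMPLE_F = {100: 3, 13: -7, 0: 5}
SAMPLE_POINT = 17
```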

Combining these two facts, we conclude that to obtain $f$ we can restrict ourselves to $t + 1$ interpolation points $x_1, \dots, x_{t+1}$, where $x_i > 2$ are arbitrary for $1 \le i \le t$ but $x_{t+1}$ satisfies the condition of the previous observation.

Now we come back to Ben-Or/Tiwari type algorithms to recover $t$-nomials. We recall that in the sequel a bound $t$ for the number of non-zero terms is always given as an input. A drawback of the original algorithm by [BeTi88] is the explosion of intermediate integers: one has to deal with a
polynomial F — see proof of Algorithm 3.4 above — where a coefficient equals at least 2 QlH hQ * . 
This problem has been solved in [KaLa88, KLW90], where the authors propose a probabilistic algorithm that keeps the intermediate integers small by employing the traditional Hensel lifting of roots. They choose a "lucky" prime $p$ and $k \in \mathbb{N}$ big enough (essentially s.t. $p^k > \deg f$), compute the crucial polynomial $F$ modulo $p^k$ and lift its roots modulo $p$ to roots modulo $p^k$. These algorithms require a degree bound as input, mostly to control the probability of unlucky reduction modulo $p$.

Here we present an alternative algorithm to recover a $t$-nomial $f \in \mathbb{Z}[x]$ from its interpolation in $2t$ points of size bounded by $p^2$, provided we know in advance that it reduces well modulo the odd prime number $p$. Since we are still not able to produce a probability analysis for the choice of a good prime $p$ such that $f$ reduces well modulo $p$, our algorithm only yields a heuristic for arbitrary $t$-nomials.

We do not intend here to compare the speed of our method with that of [KLW90]: no serious implementation has been done yet. However, since both methods are different in nature, we think that it can be useful to have them both in mind.
Algorithm 3.16. Let $f \in \mathbb{Z}[x]$ be a $t$-nomial and let $p > t$ be an odd prime number such that $f$ reduces well modulo $p$. Set $\rho \in \mathbb{Z}$ a primitive root modulo $p^2$ and let $x_1, \dots, x_{2t} \in \mathbb{N}$ be such that $x_i \equiv \rho^{i-1} \pmod{p^2}$.

Then there is a deterministic algorithm that takes as input the values $y_1 := f(x_1), \dots, y_{2t} := f(x_{2t})$ and returns the $t$-nomial $f$ in $\mathbb{Z}[x]$.

The binary running time of the algorithm is polynomial in $p$, $\log d$, $h$ and $\tilde{h}$, where $d := \deg f$, $h := h(f)$ and $\tilde{h} := \max\{h(y_i),\ 1 \le i \le 2t\}$.

The algorithm computes $m \le \max\{\lceil \log \log d \rceil, \lceil \log h \rceil\}$ $t$-nomials $f_1, \dots, f_m \in \mathbb{Z}[x]$ until matching $f$. The termination of the procedure is given by the condition $f_m(x_i) = y_i$ for $1 \le i \le 2t$.

Proof. We first compute by Algorithm 3.4 the unique exact $\tilde{t}$-nomial $f_0 \in \mathbb{Z}[x]$, where $\tilde{t} \le t$, of
degree < p — 2 and integer coefficients in [— , ] , determined by the conditions 

$$f_0(x_i) \equiv y_i \pmod p \quad \text{for } 1 \le i \le 2t.$$

This t-nomial must exist since it coincides with Y^j=i a jX aj if / : = S*=i( a j +P d^x^^^ 1 ^^ , 
with aj G [-2^1,2^1],^. G [0,p-2]. 

We observe that if $f_0(x_i) = y_i$ in $\mathbb{Z}$, the procedure stops and $f = f_0$, since $f$ is uniquely determined by its value in the $2t$ positive values $x_1, \dots, x_{2t}$.

W.l.o.g. we can assume now that $\tilde{t} = t$. To continue the procedure we apply Theorem 1.6 to
compute recursively the unique exact t-nomial fk = Y^j=i^i x ^ j 01 degree strictly bounded by 

ip(p 2> ") and with integer coefficients in [— p ~ x , p 2 -1 ] that satisfies fk{xi) = yi (mod p 2 *) for 
1 < i < 2t . 

The termination of the procedure occurs at most for f m = / , i.e m such that — ^ — > 2 h and 
$\varphi(p^{2^m}) > d$, that is

$$m = \max\{\lceil \log h \rceil, \lceil \log \log d \rceil\}.$$

Now let us compute the binary complexity of the algorithm. The running time needed to compute $f_0$ is of order $O((t^2 + p) \log p)$.
To compute $f_{k+1}$ from $f_k$:

First we compute modp 2 the entries of matrix Mk : we need to compute e 2 k+i(xi) and ^ 2 fc + 1 ( x i) 
defined in Identity (3), that require 0(<(log(p 2 ) + h)) = 0(t(2 k+1 log p + h)) bit operations. To 
compute xf J modulo p 2> ° requires 0(log(p 2fc )) = 0(2 fe logp) operations. The computation of the 
determinant of M k and of its inverse modulo p 2 requires 0(t 3 2 fc logp) more operations. Thus, 
computing fk+i from fk requires 0(t 3 (2 k+1 \ogp + h)) bit operations. 
Thus, the total number of bit operations of the algorithm is bounded by

$$O(t^3(\max\{h, \log d\} \log p + \tilde{h}) + p \log p).$$

(We kept the complexity in terms of $p$ and $\log p$ since the only place where it seems to depend on $p$ is in the computation of the starting polynomial $f_0$.) □

Since under our conditions, the bound of [BoTi91, Thm.4.3] gives $\deg f < 2 \log p + t^2 \tilde{h} + 2$, we obtain the following heuristic for the case we do not know in advance that $f$ reduces well modulo $p$.

Heuristic 3.17. 

• Input: $f \in \mathbb{Z}[x]$ given by a black-box, $t \in \mathbb{N}$ a bound for the number of terms of $f$.

• Output: Luckily, the monomial basis representation of $f$.

• Heuristic:

  - Pick $p > t$ an odd prime number.

  - Pick $\rho \in \mathbb{Z}$ a primitive root modulo $p^2$.

  - Pick $x_1, \dots, x_{2t} \in \mathbb{N}$ such that $x_i \equiv \rho^{i-1} \pmod{p^2}$.

  - Compute $y_i := f(x_i)$ for $1 \le i \le 2t$ from the black box.

  - Compute $f_0$, the unique exact $\tilde{t}$-nomial modulo $p$ such that $f_0(x_i) \equiv y_i \pmod p$ for $1 \le i \le 2t$ (we observe that $\tilde{t} \le t$ must occur).

  - Lift, applying Theorem 1.6, $f_0$ to $f_m = \sum_{i=1}^{\tilde{t}} a_i x^{\alpha_i}$ such that

    $$\varphi(p^{2^{m-1}}) < 2 \log p + t^2 \tilde{h} + 2 < \varphi(p^{2^m}).$$

    (This yields the possible exponents $\alpha_1, \dots, \alpha_{\tilde{t}}$ of $f$.)

  - Set $\tilde{f} = \sum_{i=1}^{\tilde{t}} z_i x^{\alpha_i}$ and try to interpolate $\tilde{f}(x_i) = y_i$ for $1 \le i \le 2t$ in $\mathbb{Z}[x]$ solving a simple Vandermonde system.

  - If the interpolation problem has a solution, then $f = \tilde{f}$ and output $\tilde{f}$.

  - If there is no solution, it was because $f$ was not an exact $\tilde{t}$-nomial (and in fact the exact number of terms of $f$ is strictly greater than $\tilde{t}$). In that case pick another prime $q > t$ and start the procedure again. (If the exact number of terms of the new starting polynomial $f_0$ is not greater than $\tilde{t}$, pick another prime.) □

Final comment: The problem of finding an algorithm that, given an (unknown) $t$-nomial $f$ in $\mathbb{Z}[x]$ and $2t$ starting evaluation points, finds the monomial structure of $f$ has proven very hard. If one can find an algorithm that solves the (easier) problem over the finite field $\mathbb{Z}/p\mathbb{Z}$ (where there may be no solution or more than one), our method for lifting the coefficients and the exponents can be used under the assumption of the existence of a "good" (relatively small) prime $p$, i.e. a prime $p$ such that $f$ reduces well modulo $p$, and the pseudo-jacobian of $f$ is invertible. A probability analysis for good reduction of $t$-nomials modulo $p$ is still lacking. We are trying to give an answer to these problems.